Knock out the new trinoo virus
Viruses are nothing new; they've been a serious problem for Windows users for many
years. But this February was marked by the appearance of a new virus that installs the
attack daemons, or zombies, used in distributed denial of service (DoS) attacks.
The new virus implements
four known distributed DoS zombies. trinoo listens
for commands from a master server, then sends floods of User Datagram Protocol (UDP)
packets at a victim. Receiving such floods of data from a single Windows system is not
too troublesome, but these attacks involve dozens or even hundreds of zombies.
The virus version of trinoo can be spread just by
opening email or email attachments, or by downloading and executing code from
questionable sources. Vendors were quick to respond with updates to their
virus-scanning signatures.
McAfee,
Trend Micro, and
Symantec all announced new
signatures within days of the discovery.
The earlier distributed DoS attacks used Linux and Unix systems as hosts. Since
there are so many Windows clients, and Windows is particularly vulnerable to viruses,
the exploitation of Windows machines by hackers in this way means that the potential
for more devastating attacks has emerged.
If you have antivirus software, make sure you download a recent update with the
latest virus signatures. If you don't use current antivirus software, consider getting
some. In the meantime, be on the lookout for unusual behavior, such as a sudden
increase in network activity, which could be caused by the daemon launching an attack.
If you see a sudden increase in traffic, disconnect your system from the network or
the Internet until you can find and remove the daemon. According to
the Razor group at Bindview
Development, which makes a utility called
Zombie Zapper,
the trinoo trojan calls itself
two steps: First, using a registry editor, edit the key service.exe. Then locate the file
on your hard drive and delete it as well (but not
» posted by abennett
ITworld.com
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
