http://www.korealink.co.kr/kt_tech/200104/t2001042417422445110.htm 2001/04/24 An information security institute reported a new hacking tool that is spreading quickly between companies and personal computers in Korea. The Korea Information Security Agency (KISA) said yesterday the worm, known as Carko, is similar in potency to last year's worm that severely damaged some high-profile websites such as Yahoo! and CNN. The agency's computer forensics experts expressed concern that cases of the new virus will increase just as distributed denial-of-service (DDoS) tools did last year. DDoS tools can flood a single website or Internet server with so much data, and from so many sources that the computer effectively would disappear from Internet. ``The worm exploits a vulnerability in widely used domain-name service, or DNS, software used to direct Internet visitors to the proper site,'' said the agency's researcher Park Jung-hyun. ``It seems to be a vast epidemic.'' While the worm does not seem to have spread widely into local computer networks so far, it has the potential to do extensive damage to systems that it compromises, he said. The agency said that more than 30 cases were reported so far after the first infection was found five days ago. Park said worms, like many other hacker tools, are evolving and getting dangerous. ``With these worms, it's fairly similar in that there is a lot of code out there, someone could grab it and mutate it,'' he said. ``Now, the worm is out there hacking with different codes.'' The agency also hypothesized that domestic Internet servers, which were infected by the new hacking worm, could be exploited as channels for an online war between the U.S. and Chinese hackers. As tensions rise between the two giants, computer-savvy citizens of both countries have begun waging their own quasi-war on the Internet. American hackers are urging each other to break into websites hosted in China, and claim that U.S. hackers have already penetrated hundreds of Chinese websites. Chinese hackers are vowing to retaliate with a week-long attack on U.S.- based websites and computer networks, starting May 1. Security experts warn that these attacks could affect government systems, and that outside of government all website owners and network administrators should ensure their networks are well-protected. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERVat_private with a message body of "SIGNOFF ISN".
This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 00:34:47 PDT