[ISN] Warning Issued Against Fast-Spreading Hacking Worm

From: InfoSec News (isnat_private)
Date: Tue Apr 24 2001 - 13:42:11 PDT

  • Next message: InfoSec News: "[ISN] 2001 FIRST Conference - Reminder"

    An information security institute reported a new hacking tool that is
    spreading quickly between companies and personal computers in Korea.
    The Korea Information Security Agency (KISA) said yesterday the worm,
    known as Carko, is similar in potency to last year's worm that
    severely damaged some high-profile websites such as Yahoo! and CNN.
    The agency's computer forensics experts expressed concern that cases
    of the new virus will increase just as distributed denial-of-service
    (DDoS) tools did last year.
    DDoS tools can flood a single website or Internet server with so much
    data, and from so many sources that the computer effectively would
    disappear from Internet.
    ``The worm exploits a vulnerability in widely used domain-name
    service, or DNS, software used to direct Internet visitors to the
    proper site,'' said the agency's researcher Park Jung-hyun. ``It seems
    to be a vast epidemic.''
    While the worm does not seem to have spread widely into local computer
    networks so far, it has the potential to do extensive damage to
    systems that it compromises, he said.
    The agency said that more than 30 cases were reported so far after the
    first infection was found five days ago.
    Park said worms, like many other hacker tools, are evolving and
    getting dangerous.
    ``With these worms, it's fairly similar in that there is a lot of code
    out there, someone could grab it and mutate it,'' he said. ``Now, the
    worm is out there hacking with different codes.''
    The agency also hypothesized that domestic Internet servers, which
    were infected by the new hacking worm, could be exploited as channels
    for an online war between the U.S. and Chinese hackers.
    As tensions rise between the two giants, computer-savvy citizens of
    both countries have begun waging their own quasi-war on the Internet.
    American hackers are urging each other to break into websites hosted
    in China, and claim that U.S. hackers have already penetrated hundreds
    of Chinese websites.
    Chinese hackers are vowing to retaliate with a week-long attack on
    U.S.- based websites and computer networks, starting May 1.
    Security experts warn that these attacks could affect government
    systems, and that outside of government all website owners and network
    administrators should ensure their networks are well-protected.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email LISTSERVat_private with a message body of

    This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 00:34:47 PDT