Results 1 to 2 of 2
July 11th, 2003, 07:42 AM #1
From http://www.nytimes.com/2003/07/11/te...gy/11HACK.html (free registration required)
<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Hackers Hijack PC's for Sex Sites
By JOHN SCHWARTZ
More than a thousand unsuspecting Internet users around the world have recently had their computers hijacked by hackers, who computer security experts say are using them for pornographic Web sites.
The hijacked computers, which are chosen by the hackers apparently because they have high-speed connections to the Internet, are secretly loaded with software that makes them send explicit Web pages advertising pornographic sites and offer to sign visitors up as customers.
Unless the owner of the hijacked computer is technologically sophisticated, the activity is likely to go unnoticed. The program, which only briefly downloads the pornographic material to the usurped computer, is invisible to the computer's owner. It apparently does not harm the computer or disturb its operation.
The hackers operating the ring direct traffic to each hijacked computer in their network for a few minutes at a time, quickly rotating through a large number. Some are also used to send spam e-mail messages to boost traffic to the sites.
"Here people are sort of involved in the porno business and don't even know it," said Richard M. Smith, an independent computer researcher who first noticed the problem earlier this month. Mr. Smith said he thought the ring could be traced to Russian senders of spam, or unwanted commercial e-mail.
By hiding behind a ring of machines, the senders can cloak their identity while helping to solve one of the biggest problems for purveyors of pornography and spam: getting shut down by Internet service providers who receive complaints about the raunchy material.
The web of front machines hides the identity of the true server computer so "there's no individual computer to shut down," Mr. Smith said. "We're dealing with somebody here who is very clever."
By monitoring Web traffic to the porn advertisements, Mr. Smith has counted more than a thousand machines that have been affected.
The creators of the ring, whose identities are unknown, are collecting money from the pornographic sites for signing up customers, the security experts say. Many companies play this role in Internet commerce, getting referral fees for driving customers to sites with which they have no other connection.
The ring system could also be used by the hackers to skim off the credit card numbers of the people signing up, said Joe Stewart, senior intrusion analyst with Lurhq, a computer security company based in Myrtle Beach, S.C.
The current version of the ring is not completely anonymous, since the hijacked machines download the pornographic ads from a single Web server. According to the computer investigators, that machine apparently is owned by Everyones Internet, a large independent Internet service company in Houston that also offers Web hosting services to a large number of companies. Jeff Lowenberg, the company's vice president of operations, said that he was not aware of any illegal activity on one of his company's computers but said that he would investigate.
Mr. Stewart said the ring was most likely a work in progress, and that flaws, like being tied to a single server, would be eliminated over time.
He said the ring was troubling not just because of what it is being used for now but also because of what it might be used for next.
"This system is especially worrisome because they have an end-to-end anonymous system for spamming and running scams," he said. "It's not a far stretch to say that people who are running kiddie porn sites could say, `Hey, this is something we could use.' "
The computer ring is the latest in an evolution of attacks that allow creators of spam and illicit computer schemes to use other people's computers as accomplices. For several years, senders of spam have relied upon a vestigial element of the Internet mail infrastructure known as "open relay" to use Internet servers as conduits for their spam.
As network administrators have gradually shut down the open relay networks, spam senders have used viruses to plant similar capabilities on home and business computers.
But this appears to be the first viral infection to cause target computers to display whole Web sites, Mr. Smith, the researcher, said.
A Justice Department official said that the computer ring, as described to him, could be a violation of at least two provisions of the federal Computer Fraud and Abuse Act.
The ring has also been used to run a version of a scheme for collecting credit card information from unwary consumers that has been called the "PayPal scam," Mr. Smith said. The hijacked computers send e-mail messages that purport to come from PayPal, an online payment service owned by eBay, asking recipients to fill out a Web site form with account information.
It is unclear precisely how the program, which depends on computers hooked up to high-capacity, high-speed Internet connections, gets into people's computers. Mr. Smith said that he thought that the delivery vehicle was a variant of the "sobig" virus. But Mr. Stewart, the computer security expert at Lurhq, said he had seen no evidence that the "sobig" virus was the culprit, and is looking at other mechanisms for delivery.
Neither Mr. Smith nor Mr. Stewart has found a simple way to tell whether a computer is infected. Technically, the rogue program is a reverse proxy server, which turns a computer into a conduit for content from a server while making it appear to be that server. Mr. Smith said when word of the program gets out, antivirus companies are likely to offer quick updates to their products to find and disable the invasive software.
Computer owners can protect themselves by using firewall software or hardware, which prevent unauthorized entry and use of computers, Mr. Smith said. The rogue program does not affect the Apple Macintosh line of computers or computers running variants of the Unix operating system.
Mr. Stewart, who has written a technical paper to help antivirus companies devise defenses against the porn-hijacking network, has named the program "migmaf," for "migrant Mafia," because he thinks the program originated in the Russian high-tech underworld.
Hackers from the former Soviet Union have been linked to several schemes, including extortion attempts in which they threaten to shut down online casinos through Internet attacks unless the companies pay them off.
Antispam activists have also accused Russian organized crime organizations of taking over home and business PC's to create networks for sending spam. "They always seem to lead back to the Russian mob," Mr. Stewart said.
All your commission are belong to us.
Check out the latest Homeland Security press releases.
July 12th, 2003, 08:19 AM #2
- Join Date
- January 18th, 2005
- St Clair Shores MI.
3rd world programming extertise at it finest.
Stealth Program Hijacks PCs to Send Porn Ads
Fri July 11, 2003 05:30 PM ET
SAN FRANCISCO (Reuters) - Close to 2,000 Windows-based PCs with high-speed Internet connections have been hijacked by a stealth program and are being used to send ads for pornography, computer security experts said on Friday.
It is unknown exactly how the so-called "Trojan" program is spreading to victim computers around the world, whose owners most likely have no idea what is happening, said Richard M. Smith, a security consultant in Boston.
Security provider Network Associates Inc. NET.N rated the trojan a low risk since it did not appear to be more widespread and was not harming the victim computers.
Trojan programs are typically spread via e-mail viruses and can also sneak onto computers through Web browsers when surfing, he said.
The trojan, dubbed "Migmaf" for "migrant Mafia," turns the victim computer into a proxy server which serves as a sort of middle man between people clicking on porn e-mail spam or Web site links, according to Smith.
It allows the victim computer to fetch porn Web ads from an undisclosed server and pass the ads on to other computers either through an e-mail spam or a Web browser.
The victim computer acts as a "front" to the porn Web site, enabling the porn Web servers to hide their location, Smith said.
The scam also is believed to be responsible for a PayPal scam discovered last week designed to collect credit card information from people who filled in a form they received via e-mail purporting to be from Web payment provider PayPal, Smith said.....complete story below.
Mike & Charlie ...
If they won't adopt and feed a bird ..flip them one! BBQ some Gator and remember to flush WhenU..
By Snowfinch in forum Midnight Cafe'Replies: 2Last Post: July 17th, 2009, 11:11 AM
By jc101 in forum Virtual Family and Off-TopicReplies: 2Last Post: December 1st, 2005, 03:01 PM
By womanht in forum Midnight Cafe'Replies: 9Last Post: September 26th, 2005, 07:34 AM
By jackson992 in forum Midnight Cafe'Replies: 8Last Post: May 19th, 2004, 09:43 PM