http://www.korealink.co.kr/kt_tech/200104/t2001042417422445110.htm
2001/04/24
An information security institute reported a new hacking tool that is
spreading quickly between companies and personal computers in Korea.
The Korea Information Security Agency (KISA) said yesterday the worm,
known as Carko, is similar in potency to last year's worm that
severely damaged some high-profile websites such as Yahoo! and CNN.
The agency's computer forensics experts expressed concern that cases
of the new virus will increase just as distributed denial-of-service
(DDoS) tools did last year.
DDoS tools can flood a single website or Internet server with so much
data, and from so many sources that the computer effectively would
disappear from Internet.
``The worm exploits a vulnerability in widely used domain-name
service, or DNS, software used to direct Internet visitors to the
proper site,'' said the agency's researcher Park Jung-hyun. ``It seems
to be a vast epidemic.''
While the worm does not seem to have spread widely into local computer
networks so far, it has the potential to do extensive damage to
systems that it compromises, he said.
The agency said that more than 30 cases were reported so far after the
first infection was found five days ago.
Park said worms, like many other hacker tools, are evolving and
getting dangerous.
``With these worms, it's fairly similar in that there is a lot of code
out there, someone could grab it and mutate it,'' he said. ``Now, the
worm is out there hacking with different codes.''
The agency also hypothesized that domestic Internet servers, which
were infected by the new hacking worm, could be exploited as channels
for an online war between the U.S. and Chinese hackers.
As tensions rise between the two giants, computer-savvy citizens of
both countries have begun waging their own quasi-war on the Internet.
American hackers are urging each other to break into websites hosted
in China, and claim that U.S. hackers have already penetrated hundreds
of Chinese websites.
Chinese hackers are vowing to retaliate with a week-long attack on
U.S.- based websites and computer networks, starting May 1.
Security experts warn that these attacks could affect government
systems, and that outside of government all website owners and network
administrators should ensure their networks are well-protected.
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Thu Apr 26 02:36 CDT 2001