Forwareded From: "Prosser, Mike" <Mike_Prosser@tds.com>
http://www.idg.co.nz/nzweb/nzweb.shtml
Tuesday November 24
Xtra admits password thefts
Telecom security investigates Xtra tie-in with Ihug attack
By Russell Brown - AUCKLAND
Only days after issuing a press release talking up its security, Xtra has
admitted that attacks using the trojan horse program Back Orifice have
seen customer passwords stolen.
Although Xtra has been dealing with Back Orifice infestations on customer
PCs for months, it opened a page for "anti-virus information" this
morning, apparently in response to press queries about password theft
using the program.
The Back Orifice scare may not be the last upset for Xtra. Telecom
security staff have been working with management at the Internet Group to
investigate a claim that the attacks on the Ihug homepages machine was
carried out from a static IP address under the control of Xtra. Results of
the investigation are expected later today.
Although this morning's New Zealand Herald claims that a hacker has
acquired the passwords of "hundreds" or Xtra customers, the company's new
page says it "believes this type of virus to be responsible for the
attacks on the connection user names and passwords of two of our
customers."
If Back Orifice is downloaded and inadvertently executed on a Windows 95
or 98 PC, it allows the attacker full remote access to the machine. Files
can be viewed, modified, and deleted, passwords stolen and hard drives
formatted.
Xtra is not the only local ISP dealing with Back Orifice infestations -
most have customers who have suffered.
The Xtra help site includes links to background material on Back Orifice
and to AntiGen, a free program from the US company Fresh Software that
cleans up the virus but does not prevent future infestations.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Dec 8 09:01:24 1998