
warning on accepting elec



>From strider@xxxxxxx  Wed Dec  2 00:44:50 1998
Received: from ksc15.th.com (ksc15.th.com [203.155.33.55])
	by igcb.igc.org (8.8.8/8.8.8) with ESMTP id AAA20371
	for <burmanet-l@xxxxxxxxxxx>; Wed, 2 Dec 1998 00:44:45 -0800 (PST)
Received: from ksc.th.com (p134ppp112.ksc.net.th [203.155.134.112])
	by ksc15.th.com (8.9.1/8.9.1) with SMTP id PAA04109
	for <burmanet-l@xxxxxxxxxxx>; Wed, 2 Dec 1998 15:43:22 +0700 (ICT)
Message-Id: <3.0.3.32.19981202154946.0069df94@xxxxxxxxxxxx>
X-Sender: osolnick@xxxxxxxxxxxx
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Wed, 02 Dec 1998 15:49:46 +0700
To: burmanet-l@xxxxxxxxxxx
Subject: warning on accepting electronic greeting cards
Mime-Version: 1.0
Content-Type: text/enriched; charset="us-ascii"



Dear colleagues.


There is info that two persons hired by a middleman - hired by one of the
SLORC lobby firms are in Thailand with the objective of looking into the
e-mail usage and the encryptions of the democratic forces.


We are also attaching an article we see as something that all of us need
to know regarding the possibility of unknowingly accepting backdoor
hacker programs through receiving seasonal greeting cards.


I would suggest the computer persons of all organizations be firm in
telling all users around them from - 

	1. bringing in new face good talking volunteers [ especially non-asians
to their essential computer ] 

	2. accepting electronic cards as there is a possibility of the SLORC guys
using the good spirit to place the backdoor programs in our main
computers.


FTUB



+++++++++++++++++++++++++

Lethal security threat makes debut thanks to backdoor programs, attachments


by - Craig Emmott 

database - BangkokPost 2 December 1998



The festive season is upon us, but this year the Christmas cards
arriving in Internet users' mailboxes may contain a deadly payload -
backdoor programs which allow intruders to control a personal computer
on the Internet without the owner's knowledge.


Once a PC has been compromised, intruders can access it over the Net to
steal passwords and files, monitor keystrokes or instruct the machine to
reboot itself.


Although backdoor programs are similar to commercially available remote
system administration tools, they have been optimised for hacking and
their use is now rampant in Thailand.


Released in August by a hacker group known as the "Cult of the Dead Cow"
(cDc), Back Orifice is the most deadly known example of this new security
threat.


It comes with plug-ins for extra functionality, a variety of stealth
features to avoid detection, and the ability to steal cached passwords
from Windows 95/98 PCs at the click of a button. Embarrassing Microsoft
seems to have been the main reason for its release.


The author of "NetBus", an older but less well-known program, claims it
was originally designed for playing pranks on Internet friends. Although
most of its features are similar to those of Back Orifice, NetBus is
NT-compatible and can open CD-ROM drives or swap the function of left and
right mouse buttons on the victim's machine.


Requiring no technical knowledge or programming skills, Back Orifice and
NetBus owe much of their popularity to a push-button interface and
unprecedented ease of use.


Favoured by the new generation of would-be hackers known as "script
kiddies," these backdoor programs can be delivered directly to
unsuspecting targets by email or ICQ. Email file attachments are
frequently used to send programs that display greeting cards and other
graphic images.



If the victim runs the program on his machine, a backdoor server is
secretly installed and becomes active every time the PC is switched on.
Using a client program, an intruder can then attack the victim's machine
whenever it is connected to the Internet.


The usual attack scenario is that passwords are stolen and intruders are
then able to log in to the victim's account and surf the Net at his
expense. Any password change by the account owner is likely to be
logged by the attackers and credit card details entered online can be
stolen as they are typed.


In a recent incident involving a local businessman, an employee
installed a backdoor on the office computer before leaving the company
and was able to abuse the firm's Internet account months later after the
password had been changed. The potential for industrial espionage or
sabotage with these programs is very real.


Back Orifice and NetBus are often referred to as "Trojans" because after
a victim is tricked into installing them they allow access to outside
attackers.


When the cDc first announced their new tool, Microsoft's official
response was: "Back Orifice is unlikely to pose a threat to the vast
majority of Windows 95 or Windows 98 users, especially those who follow
safe Internet computing practices." But many Net users don't follow safe
practices, allowing computer viruses and Trojans to proliferate.


Like viruses, Trojans can be difficult to find and delete. Preventative
measures might be inconvenient, but they are always less painful than
cleaning up the mess after an attack.


Internet users who only run programs obtained from trusted sources are
unlikely to be compromised unless sharing their PC with others. Parents
should be especially careful when children share their machine.


Kids love applications such as ICQ and IRC which have made file
swapping very easy and contributed to the rapid spread of Back Orifice
and NetBus.


Fortunately, vendors of security and anti-virus software have responded
quickly to the new threat. McAfee, Symantec and Data Fellows have all
upgraded their products (see <http://www.inet.co.th/security/>)
to protect against backdoor programs, and freeware utility BODetect also
does an excellent job of keeping out intruders.


In the long run, this type of prevention software is likely to be the
most practical solution for the majority of Internet users.


Craig Emmott can be contacted at whitehat@thai.com.


 - ends -