Seasonal hack fears.

Internet security researchers have warned that hackers are planning to launch internet-based denial of service attacks on web retailers over the Christmas period.

Internet Security Systems said that many hundreds of computers are infected with so-called zombie agents, which would allow hackers to commandeer the machines and cripple the servers by flooding sites with a huge number of spurious requests.

But the company warned only 10 per cent of online retailers are prepared to deal with attacks of this type, which were responsible for bringing down high-profile sites such as Yahoo and eBay in February this year.

Chris Rouland, director of X-force, a counter-hacker group at ISS, warned the current spread of Trojan viruses parallels the events that occurred prior to the attacks.

X-Force, whose members infiltrate hacker gangs to get intelligence on the digital underground, has discovered over 800 computers infected with the SubSeven DEFCON8 2.1 backdoor, a variation of the SubSeven Trojan.

This has been distributed on Usenet newsgroups with file names such as ‘SexxxyMovie.mpeg.exe’.

The group has determined that individuals are using this network of compromised hosts to test new distributed DoS methods and strategies.

Alarmingly, fresh versions of the Stacheldraht and Trinity DDoS attack tools, earlier versions of which were the chief weapons deployed during the attack on eBay and other sites, are also spreading.

The tools were detected in corporate networks, as well as in personal computers with high-speed network connections which would magnify their potential effectiveness.

‘These tools are likely to be used over the Christmas period against online retailers who are not prepared to deal with them,’ said Rouland.

‘If you said 10 per cent were prepared, it would be a liberal estimate.’

Users should put security policies in place and deploy technologies such as intrusion detection to prevent becoming unwitting agents in attacks, Rouland advised.

Rise of the Trojan

Related reading