PracticePeople In PracticeDeadly hacking tool discovered

Deadly hacking tool discovered

Security experts have warned that hackers are developing a distributed denial of service (DDoS) tool that could be even more devastating than those used to paralyse eBay, Yahoo! and other major internet sites in February.

The tool, called Mstream, joins Trinoo, TFN2K, Stacheldraht and other programs that can be used to launch DDoS attacks.

Using these programs, a hacker can make infected hosts send a series of messages to a target computer. The volume of messages arriving at the same time is enough to overwhelm that server, making a website inaccessible.

Although Mstream is believed to be in the early stages of development, it is more powerful than existing DDoS attack tools, said Dave Dittrich, a University of Washington computer administrator who took part in an analysis of Mstream.

Despite numerous bugs and an incomplete feature set, the tool is still powerful enough to disable a website with only a handful of agents.

‘An Mstream agent was discovered in late April 2000 on a system at a major university,’ said Dittrich in a posting to online security website, Packetstorm.

Despite the use of filtering by the university, which meant only a very small number of packets were being launched,’the traffic caused the router [which served 18 subnets] to become non-responsive’, Dittrich’s posting noted.

‘The lesson here is that there is no ‘quick fix’ to DDoS in the form of simple technical filtering solutions,’ he said.

Neil Barrett, technical director of security consultant Information Risk Management, said further development of DDoS tools made ‘a very good case for the introducing of intrusion detection systems with more sophisticated log files’.

He said members of the internet community must ensure that their own websites are not compromised or vulnerable to attacks.

DDoS attacks have waned since a series of high-profile assaults in February, but they have not ceased. For example, internet hosting firm AboveNet was attacked last week.

A Canadian teenager, known as Mafiaboy, has been arrested in connection with an attack on CNN’s website. However, it is not clear whether he was involved in the other attacks.

Related Articles

Is inefficiency stealing your time and money?

Accounting Firms Is inefficiency stealing your time and money?

4m Emma Smith, Managing Editor
CIMA elects new president

Institutes CIMA elects new president

4m Emma Smith, Managing Editor
Transparent currency trade: How to achieve costs visibility

Governance Transparent currency trade: How to achieve costs visibility

4m Emma Smith, Managing Editor
Magma Group announces merger, partner promotions

Accounting Firms Magma Group announces merger, partner promotions

8m Emma Smith, Managing Editor
MHA MacIntyre Hudson advises on management buy-out

Accounting Firms MHA MacIntyre Hudson advises on management buy-out

8m Emma Smith, Managing Editor
Introduction to KPMG UK’s new leadership team

Accounting Firms Introduction to KPMG UK’s new leadership team

5m Emma Smith, Managing Editor
EY appoints head of UK Infrastructure Asset Intelligence practice

Accounting Firms EY appoints head of UK Infrastructure Asset Intelligence practice

6m Emma Smith, Managing Editor
FRP Advisory expands operation with new office, partner appointments

Accounting Firms FRP Advisory expands operation with new office, partner appointments

8m Emma Smith, Managing Editor