Security experts have warned that a wave of hack attacks is striking tens of thousands of PCs via instant messenger (IM) or Internet Relay Chat (IRC) clients, using nothing more high-tech than old-fashioned social engineering.
Hackers are using automated tools to send messages to random IM and IRC users, offering them a piece of software they might want or need, such as antivirus protection, improved music downloads or pornography, according to an advisory posted on Tuesday by CERT, a US government-funded security research body.
When the file is downloaded, however, it turns out to be malicious software that may expose confidential data or allow a hacker to take control of the victim's PC to help attack other Web servers, in what is known as a distributed denial-of-service (DDoS) attack.
A sample message runs as follows: "You are infected with a virus that lets hackers get into your machine and read ur files, etc. I suggest you to download [malicious url] and clean ur infected machine. Otherwise you will be banned from [IRC network]."
The downloaded software allows the hacker to take remote control of the victim's system, exposing confidential data, installing other malicious programs, and changing or deleting files. It also can co-opt the system into a DDoS attack, which uses a large number of computers distributed over the Internet to overload a target Web server with traffic, slowing or halting ordinary service on that Web site.
The tactics sound simple, and success depends on the user's decision to download the software. Even so, CERT says large numbers of systems have recently succumbed to the attacks, demonstrating that in some cases the oldest methods are the best. "Although this activity is not novel, the technique is still effective, as evidenced by reports of tens of thousands of systems being compromised in this manner," wrote CERT's Allen Householder.
"It's a part of every new threat we see," said Jack Clark, european product marketing manager for antivirus vendor Network Associates. "If you give anybody something they feel they need, it's plain old human nature to download it. The way we try to tackle it is just education."
In the early days of the Internet, for example, convicted hacker Kevin Mitnick famously stole confidential code from large companies by simply tricking staff into revealing network passwords. More recently, the rampant LoveLetter virus spread around the world in 2000 by posing as a valentine from a friend. And in a reversal to the usual form of socially engineered virus, last May a hoax email was passed on by well-meaning people warning recipients that their PCs may contain a virus called sulfnbk.exe. In fact, this file is not a virus but an essential part of the Windows operating system.
CERT recommends keeping antivirus software up to date, as well as general caution about downloading unknown files. "Users of IRC and IM services should be particularly wary of following links or running software sent to them by other users, as this is a commonly used method among intruders attempting to build networks of DDoS agents," Householder wrote.