Hack attacks on home PCs increase

Home PCs face increasing threats from intruders, and those on broadband connections are most vulnerable, according to both CERT and the hackers themselves
Written by Matt Loney, Contributor

The last three months have seen a significant rise in so-called intruder attacks directed at home users, according to the latest quarterly report from the US-based CERT Coordination Centre.

Intruder attacks are defined broadly, not just as hacking attacks: they cover anything from packet sniffers, which capture plain text email and other data as it travels over the network, to email viruses.

PCs running Windows are particularly vulnerable. Unprotected Windows networking shares are singled out as one weakness often found in home PCs, allowing hackers to place tools on large numbers of Windows-based computers attached to the Internet. Windows is also singled out for its option to "Hide file extensions for known file types", which is enabled by default, making it difficult for many people to spot extensions such as .vbs on files. Many email viruses -- such as Love Letter -- arrive as Visual Basic files with .vbs extensions.

According to CERT, home users are particularly vulnerable to compromises of their PCs because "they do not keep them up to date with security patches and workarounds, do not run current anti-virus software, and do not exercise caution when handling email attachments."

"Intruders know this," said CERT in its advisory, "and we have seen a marked increase in intruders specifically targeting home users who have cable modems and DSL connections".

PCs connected to the Internet by cable modem or DSL are more vulnerable to hacker attacks than PCs connected by dial-up modem. Of these two broadband connections, says CERT, PCs connected by cable modems are the most vulnerable. This is because entire neighbourhoods of cable modem users are effectively part of the same LAN. A packet sniffer installed on any cable modem user's computer in a neighbourhood may be able to capture data transmitted by any other cable modem in the same neighbourhood.

One former hacker known by the tag RaFa, who built up notoriety for defacing Web sites when he was affiliated to a group called World of Hell (WoH), said home PCs are very much at risk from such attacks. Referring to the Network Address Translation method that is used to 'hide' home PCs from the Internet, RaFa told ZDNet: "A gateway device that controls the natting functions is typically the first system compromised (i.e. wingate, ipchains, etc) and then used as a launchpad to attack the internal machines it is natting for."

But CERT warns that while DSL access is not as susceptible to packet sniffing and NAT attacks as cable modem access, many of the other security risks apply to both forms of access. And not even PCs on dial-up connections are immune from some of the most common security risks, such as email worms.

Other threats to home PCs include email spoofing, where an email that apparently originates from a reputable source tricks the user into releasing sensitive information. Weaknesses in chat clients are also cited, as are Trojan horse programs, which trick users into installing software that gives intruders easy access to a PC. On Windows computers, three tools commonly used by intruders to gain remote access to PCs are BackOrifice, Netbus and SubSeven.

RaFa, who is now senior research scientist at Fate Research Labs, said the diversity of files and information obtained from home systems ranges from credit card account numbers to online bill payment details, Word documents containing social security numbers from letters, and online brokerage accounts. "What home users need to understand is that security maintained with the Web site you use for business is not the weakest link in the chain. The weakest link will always be you and how strong your own security is on your machine."
