Has your PC been hijacked?

If you subscribe to a cable modem or DSL service, then you're at risk. A growing awareness of the dangers of unsecured home PCs has led to a boom in firewall downloads, and broadband providers are finally getting the message too.
Written by Robert Lemos, Contributor

It's 3am. Do you know who's on your computer? Security experts warn that network intruders -- once only a boogey man for large corporations and government agencies -- are becoming an increasing threat to home users, especially those wired to the Internet via new broadband connections.

"Home users don't have the right security tools, nor the understanding, about why they need them," said Eugene Spafford, computer science professor and security expert at Purdue University. "They are much more likely to be prone to attack, or their machines used in distributed, coordinated attacks."

Last week, Denial of Service attacks downed, or slowed to a crawl, eight major Internet sites -- Yahoo!, Amazon, Microsoft's MSN.com, eBay, E*Trade, Buy.com, Time Warner's CNN.com and ZDNet.

Yet, that should not have been the major story, said Spafford. "What should have been the news is that there was hundreds and thousands of computers taken over by the attackers, and that the owners not only didn't know they got broken into and taken over, but were not monitoring their systems."

With the advent of always-on, high-speed Internet connections, home computers with little -- if any -- security are quickly becoming the number one target for online vandals to use as a staging ground to shoot for more lucrative marks.

Most broadband users "are hopeless victims", said a German "white-hat" hacker known as Mixter during an interview on Tuesday over Internet relay chat. "Especially, when they're running Windows and have no good technical knowledge," he added.

Mixter created a Denial of Service program, known as the Tribe Flood Network, which many believe was the tool of choice for the Web attackers last week. The attackers first had to compromise computers and seed each one with the program weeks or months before the event.

This week, a computer believed to have been used in last week's attacks on Yahoo! and other major Web sites was reportedly seized by federal agents in Hillsboro, Oregon. The PC's owner allegedly had no knowledge that the computer was being used as a "zombie" to stage attacks.

For most users, installing a personal firewall can stop such illicit use. Just ask Christian Crumlish about the importance of a good firewall. Spooked by last week's attacks, the Waterside Productions literary agent downloaded Zone Labs' free firewall, ZoneAlarm 2.0, and installed the electronic gate onto his DSL-connected PC. Other personal firewall products include BlackICE Defender and Norton Internet Security 2000. "My system had slowed at seemingly random times in the past," said Crumlish. "But I never really thought I would find anything."

Against his expectations, Crumlish found three programs that, together, opened up his PC for use by cyber vandals. The programs -- run.exe, msr.exe.exe and kerne1.exe -- were the pieces to a backdoor app called SubSeven.

Whoever installed the programs has come back knocking at the trapdoor he left behind, he said. "I have detected three or four attempts to get into my system since I installed ZoneAlarm," said Crumlish, who added that without the urging of a friend, he would never have thought to put the firewall on his system.

"Broadband providers are not telling their customers about the threats they have to worry about," he said. In fact, more than 400,000 users have taken matters into their own hands and downloaded copies of ZoneAlarm since the attacks last week. Such incidents are quickly convincing broadband companies to change their tune.

One subscriber to broadband Internet service provider Flashcom Communications complained to ZDNet News that the company would not let him install a firewall. "They said they would not support a firewall, and if I installed one, they would disconnect me from the system," said Jann Linder, a Silicon Valley Web programmer.

Flashcom denied that it would prohibit any subscriber from setting up a firewall. "Setting up a firewall is not a trivial thing to do," said Richard Rasmus, Flashcom's president and chief operating officer. "We don't do anything to defeat or frustrate a firewall that a customer sets up for themselves. But there is a distinction between that and supporting a product."

The company is now in the process of evaluating firewall products to select one that it will support in the future.

Excite@Home has also seen the light. The broadband-over-cable provider signed a deal with McAfee to sponsor a security zone for subscribers by March, and offer its personal firewall product to @Home's cable modem customers.

"The attention to such security details did not come quickly enough," said Gregor Freund, president of firewall maker Zone Labs. According to the company, attackers can directly access the hard drives of approximately 10 percent of home computers without having to circumvent security.

"[Those users'] computers are completely wide open," he added. During the 10-minute interview he also pointed out that such attacks are almost ubiquitous, with six already having occurred on his own company's system.

"We are a target, of course, but the bottom line is that people have to take responsibility for their own machines."
