New hacker software could spread by email

A group of anonymous programmers has released a new version of the software that may have helped shut down Yahoo and Amazon.com earlier this month--one that makes it far easier to launch attacks, computer experts say.

The tools, a new version of a software package dubbed "Trinoo," could allow attackers to infiltrate ordinary desktop computers though an innocent-looking email attachment. These computers--particularly those connected to high-speed Internet services--could then be used as unwitting accomplices in assaults on other Web sites, security analysts say.

"(The previous attacks) took someone who knew what they were doing," Trend Micro spokesman David Perry said. "This turns it into a kid-on-the-street problem."

The release of these tools follows some of the highest-profile computer attacks in the Web's history. Using a method dubbed "distributed denial of service attacks," computer vandals successfully rendered Yahoo, Amazon, eBay and a handful of other big Web sites paralyzed for hours at a time by swamping them with a multitude of simultaneous requests.

The attacks have spurred law enforcement investigations around the globe, but the FBI has not reported any major breakthroughs in the case.

Some speculation has centered on several individuals with hacker nicknames like "mafiaboy." Canadian authorities investigated an Internet service provider last week that once hosted a "mafiaboy" hacker-related site. But Canadian police said today that they had no progress to report in their investigation.

Although no conclusive evidence has been released on exactly what tools were used in the denial of service attacks, recent speculation has focused on tools with names like Trinoo, Tribe Flood Network and Stacheldracht (German for "barbed wire").

These tools allow an attacker to place agents on "zombie" computers around the world and then wake them up simultaneously to launch a crippling stream of Web traffic at a target site. Security officials at the FBI and other computer security agencies have been warning of the danger these tools pose for several months and have provided software to help guard against their use.

But the new version of Trinoo heightens the danger because it makes attacks easier to launch. Because the new version can infiltrate Windows NT-, Windows 95- and Windows 98-based machines, far more computers are at risk of becoming hosts.

The Windows version also allows the tools to be spread as apparently innocuous email attachments, much like ordinary viruses. Computer security experts say they haven't seen this happen yet, but that the Windows platform makes it relatively easy to do.

"This does make (denial of service attacks) easier," said Elias Levy, chief technical officer for SecurityFocus.com, a computer security Web site. "Not that it required a lot of intelligence or skill before. But this does bring it down another notch."

The new tools are largely a threat to users with always-on DSL (digital subscriber line) or cable modem connections, analysts said.

This kind of threat has been seen before with the Back Orifice software, Levy noted. That package, once surreptitiously installed on a system, allows an outside person to control the computer remotely. The Trinoo package is geared more specifically for launching denial of service attacks, however.

Most of the major antivirus firms have already developed or are developing tools to scan for and remove the new Trinoo software.

Please change the title to "cracker software"

I ve read your news on the new denial of service attack perperated by vandals. I would like to turn your attention to your use of the word Hacker to denote the vandals.
This is an absolutely disgusting accusation as those vandals are to be denoted by the words vandals,theives and/or computer cracker.A hacker anywhere is a person who creates a program or a utility (constructive and useful for all the members of the internet community, not a trojan or a password stealer or ddos ware)for use and debugs it to perfection so as to avoid any errors in the software.
Now when its done like this the 'hacker' gets a huge insight into s/w workings and development and his software will improve the standards of internet life.He is not breaking any law anyway.Its a sign of respect and knowledge to release good, useful and improved software into the net.The people you talk about break into others websites and email ids and create havoc thinking they are pointing out flaws in the system,which is a stupid act. Punish them by calling them thugs, theives and 'idiots'. And btw and idiot is one who has his own idiom for life and will not listen to anyone or even respect anyone. Please donot put your prejudice into reporting and call ugly thugs with the name hackers.
If you still arent convinced visit, www.gnu.org,www.linux.org, and the likes of website to get a clear picture of what hackers are, and how they originated.

Your's sincerely,
ajit.