While UK Internet users are chomping at the bit to get their modems on this summer’s cable and ADSL broadband offerings, recent hack attacks are issuing a clear wakeup call that always-on connections also have a downside.
A malicious program concealed in a digitised video clip has already compromised security on thousands of computers linked to the Internet by broadband connections, a US network security firm reports.
Network Security Technologies (Netsec) says it has detected the program, a so-called Trojan, on some 2000 computers, including some in major businesses throughout Europe and the United States.
With the program installed on so many machines, the hackers could easily use the compromised machines to launch a distributed denial of service attack like the one that affected a number of e-commerce Web sites earlier this year, the company says in a statement.
The Trojan was installed on a machine at Netsec. It was detected trying to send information about passwords on the computer back to the hackers who developed it, according to Netsec officials.
The Trojan is unusual because it has several defence mechanisms designed to prevent detection by virus scanners. The malicious part of the code is compressed to avoid detection, and it changes its name with each installation.
The malicious code is transported within an .avi file, according to Netsec. When someone attempts to play the .avi file, the malicious executable decompresses and installs itself on the hard drive.
The next time the PC boots, the code randomly renames itself, modifies the system.ini and win.ini files and the Windows Registry, and attempts to connect to one of two modified Internet Relay Chat servers.
Once this connection is established, it sends the compromised computer's IP address, and then listens for further instructions. The Trojan can give hackers "full control" of the compromised machine, according to Netsec.
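Because the program renames itself on each installation, a check keyed on file names will miss it, while the startup files it edits are fixed locations that can be compared against a known-good baseline. The sketch below is an added example, not Netsec's tooling: the report does not say which entries the Trojan changes, so it assumes the standard autostart entries (`load=` and `run=` under `[windows]` in win.ini, `shell=` under `[boot]` in system.ini), and the sample file contents are constructed.

```python
# Added example: flag autostart entries in win.ini / system.ini that differ
# from a clean baseline. Keys and baseline values are assumptions (standard
# Windows 9x defaults), not details taken from the report.
BASELINE = {
    ("win.ini", "windows", "load"): "",
    ("win.ini", "windows", "run"): "",
    ("system.ini", "boot", "shell"): "explorer.exe",
}

def parse_ini(text):
    """Return {(section, key): value}; section and key names are lower-cased."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            entries[(section, key.strip().lower())] = value.strip()
    return entries

def audit(files):
    """files maps file name -> contents. Returns deviating (file, section, key, value)."""
    findings = []
    for (fname, section, key), expected in sorted(BASELINE.items()):
        entries = parse_ini(files.get(fname, ""))
        value = entries.get((section, key), expected)
        # Compare case-insensitively; any extra program on the line is a deviation.
        if value.lower() != expected:
            findings.append((fname, section, key, value))
    return findings

# Constructed samples: random-looking executable names stand in for a
# self-renaming program; they are not indicators from the report.
TAMPERED = {
    "win.ini": "[windows]\nload=\nrun=C:\\WINDOWS\\SYSTEM\\qxvzk.exe\n",
    "system.ini": "[boot]\nshell=Explorer.exe xjrwa.exe\n",
}
CLEAN = {
    "win.ini": "[windows]\nload=\nrun=\n",
    "system.ini": "; default shell\n[boot]\nshell=Explorer.exe\n",
}

if __name__ == "__main__":
    for finding in audit(TAMPERED):
        print("unexpected autostart entry:", finding)
```

The same comparison applies to the Registry autostart keys; a legitimate program that adds itself to `run=` will also be flagged, so findings need review against what is supposed to be installed.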