will hill wrote:
>Lately, I've seen machines that dial ISPs on their own, > Be careful with this. There are some viruses/trojans out there right now that will make the computer dial another number that will bill the customer as much as $5 a minute. The customer never knows, because the internet connection still functions. see below (couldn't find the original article I read, but this has most of the info): * Hackers exploit security holes; Unsuspecting surfers run up massive bills * SAN FRANCISCO, (Agencies): Security holes in Microsoft's Internet Explorer browser have been exploited by hackers to hijack AOL instant messaging accounts and force unsuspecting Web surfers to run up massive phone bills, computer experts cautioned on Friday. Some Internet Explorer users are also finding that malicious Web sites are secretly slipping trojan programs onto their computers, which could prove an even more dangerous exploit, said Drew Copley, a research engineer at Aliso Viejo, California-based eEye Digital Security, who discovered the original security vulnerability. Such stealth programs can include keystroke loggers that record everything a person types or software to erase the hard drive, among other things, he said. Microsoft has released a patch for the original hole, which was reported about a month ago, said Stephen Toulouse, security program manager for Microsoft's Security Response Center. The company is looking into what it says are variations of the original hole that have been discovered since then that the patch does not fix, Toulouse said. "We will release a fix for the variations," he said. Security experts are reporting the variations as new security holes, disclosed within the past three weeks and used for different types of attacks, Copley said. Microsoft and eEye Digital Security said they have issued information for temporary workarounds. In general, the attacks are accomplished by leading Internet Explorer users to a malicious Web site, either by sending an e-mail with a link to the Web page or distributing a link through instant messaging, Copley said. When the Web site appears, it downloads code that can execute commands on its own onto the unsuspecting computer user's machine, according to Copley. Hijack An attacker has written a program that uses a security hole in Internet Explorer to hijack an already running AOL Instant Messenger account, changes the password and send a message to the buddies list with a link to the malicious Web page, according to postings on the Bugtraq security e-mail list. The Web site the posting listed as stealing the AIM passwords appeared to have been shut down. An AOL Time Warner spokesman said the company was looking into the issue. Another attack is being accomplished by sending computer users to Web sites - typically porn sites - that change the computer's dial-up settings to an expensive long-distance phone number without the user knowing it, said Richard Smith, an independent Boston-based security researcher. In the so-called "porn dialer" attack, victims are being charged as much as $ 5a minute instead of paying their normal Internet service fee, he said. A third type of attack steers computer users to pay-per-click Web sites, where the spam marketer gets paid each time someone goes to the Web site, Copley said. "These kinds of bugs are really spooky" because they work in the background, undetected by the computer user, he said. "With these kind of holes, a lot of roaches crawl through." Computer users can protect themselves by applying patches, following the workaround instructions or changing their settings in Internet Explorer to prompt them before a Web site downloads programs that can execute on their own, Toulouse said. Also on Friday, anti-virus company Global Hauri of South Korea warned about a new medium-risk computer worm that spreads through Microsoft Network's MSN Messenger system, attempts to connect to a porn Web site and passes itself around to others in the victim's contact list. Toulouse said Microsoft was looking into the matter. Information about the security holes and how to fix them is at http://www.microsoft.com/technet/security. Meanwhile, US authorities said Friday a juvenile had been arrested and charged with releasing a variant of the Blaster Internet virus that led to an attack on Microsoft computers. The youth was the second person charged in the past month in connection with the virus, which hit hundreds of thousands of computers around the world. Because the youth is under18 , authorities are not permitted to disclose his or her identity or other details about the case, including the location of the arrest. The US Justice Department said the latest youth arrested helped release the RPCSDBOT version of the worm, which directed infected computers to launch a ?denial of service attack,? flooding Microsoft?s computer network. The youth was charged as a juvenile with intentionally causing damage and attempting to cause damage to protected computers. ?Computer hackers need to understand that they will be pursued and held accountable for malicious activity, whether they be adults or juveniles,? said US Attorney John McKay in Seattle, Washington, who headed the investigation with the FBI and other agencies. McKay said the investigation was not over and urged anyone with knowledge of the case to come forward. In late August, Jeffrey Lee Parson,18 , of Minnesota was charged with creating and spreading the so-called B variant of the worm, which quickly infiltrated and clogged computer networks worldwide. Damage Parson, known online by the nickname ?teekid,? faces up to 10 years in prison and a fine of up to $250, 000on the charge of intentionally causing and attempting to cause damage to a protected computer used in interstate commerce. The Blaster worm started a denial of service attack against Microsoft by sending millions of requests for automated software updates, flooding the company?s computer systems. The virus also carried a message to Bill Gates, the Microsoft founder and chairman, saying: ?Billy Gates why do you make this possible? Stop making money and fix your software!!? The virus spread to hundreds of thousands of computers around the world in mid-August and was among a series of worms that clogged the Internet, causing an estimated five million to $ 10million in damage. It forced computer shutdowns at the Federal Reserve Bank of Atlanta, Georgia and the Maryland state motor vehicle offices.The recent spate of viruses, including the Blaster and SoBig worms, have experts worried about the new breed of virus, which spreads quickly and clogs computer networks, with the potential for hackers to take control of thousands of computers.
