- WASHINGTON (LAT-WP) -- For
a computer user, it is the ultimate security headache: A hacker has secretly
taken control of the computer and copied sensitive information such as
passwords and credit card numbers.
-
- Users often think the odds of getting hit by malicious
software are safely low, but there are more invasive and destructive programs
on the Web than ever before, computer security specialists say.
-
- In response to one of the latest attacks to become public,
the United States Securities and Exchange Commission arrested a college
student last week on charges that he hacked into someone else's computer,
logged on to his brokerage account, and left the victim with an investment
loss of more than US$40,000 (S$70,000).
-
- The student allegedly used a version of the Beast - software
that gave him control over the victim's computer.
-
- The Beast is an extension of legitimate software that
some people call 'spyware'. Some corporations use spyware to keep track
of what their employees are doing on company computers, and parents, to
peek at what their children are up to.
-
- Hackers are developing varieties of spyware for more
nefarious purposes. Setting up such programs does not require much know-how,
experts say. With a full-featured, user-friendly interface, Beast users
can dictate how the program will perform and conceal itself.
-
- Some hackers embed the software in Trojan Horse programs
that pass themselves off as something they are not. In the case of the
arrested student, the Beast was disguised as a program for tracking stocks.
-
- The number of Trojan Horse programs documented by computer
researchers is measured in the tens of thousands, and they can work in
many ways.
-
- Sometimes, Trojan Horses are sent as file attachments
claiming to be such things as a security update or a picture of a naked
tennis star. When a user opens it, the program installs itself and, typically,
sends an instant message to the hacker, transmits information that will
tell him how to find the compromised computer on the network, and then
awaits orders.
-
- The spyware will often shut off any anti-virus or firewall
software and establish an open communication channel.
-
- Once that has been done, a hacker might as well be sitting
at the victim's computer with a list of passwords in hand.
-
- Options on the Beast's interface give hackers the power
to turn off programs running on the victim's computer or see what's on
his screen at any time.
-
- A 'file manager' window gives the hacker access to any
files on the victim's hard drive. It can even eavesdrop on running webcams.
-
- Senior director Vincent Weafer of the incident response
team at Symantec said his company's security software can remove the Beast.
-
- But once the Beast is inside a computer, it can be 'very
difficult' to fight.
-
- If there's any good news, it's that users of spyware
can be easier to track down than those who unleash viruses, worms or other
online maladies. To spy, the software must stay put and communicate with
a computer at the other end.
-
- With the right tools, investigators can trace the communication
to its source.
-
- Copyright @ 2003 Singapore Press Holdings. All rights
reserved.
-
- http://straitstimes.asia1.com.sg/techscience/story/0,4386,215221,00.html?
|
