If an online intruder has infiltrated your Windows PC, you may notice recurring slowdowns of e-mail and Web browsing, or you may notice nothing at all. Always use a personal firewall and keep security patches up to date. As of early November, all new Windows XP PCs come with Service Pack 2, which includes a firewall and automatic patching. Owners of Windows XP PCs purchased earlier than that should download Service Pack 2 from www.microsoft.com/athome/security/protect/default.aspx. Users of older versions of Windows can get security tips at that same Web site. Once hijacked, a PC is likely to get grouped with other compromised PCs to dispense spam, conduct denial-of-service attacks or carry out identity-theft scams.
Those are key findings of a test conducted by USA TODAY and Avantgarde, a San Francisco tech marketing and design firm.
The experiment involved monitoring six “honeypot” computers for two weeks. They were set up to see what kind of malicious traffic they would attract.
The test did not measure Web attacks that require user participation, namely spyware, which gets spread by visiting contagious Web sites, or e-mail viruses, which proliferate via e-mail attachments.
However, the results vividly illustrate how automated cyberattacks have come to saturate the Internet with malicious programs designed to take the quickest route to break into your PC: through security weaknesses in the PC operating system.
“It’s a hostile environment out there,” says tech security consultant Kevin Mitnick, who served five years in prison for breaking into corporate computer systems in the mid-1990s.
Test results underscored the value of keeping up to date with security patches and using a firewall.
Attackers successfully compromised the Dell Windows XP computer using Service Pack 1 nine times, and the Dell Windows 2003 Small Business server once.
They included: four Dell desktop PCs running different configurations of the Windows XP operating system, an Apple Macintosh and a Microtel Linspire, which uses the Linux operating system.
10:52:08 Less than four minutes from start of the test, an intruder breaks into Windows XP SP1 through the vulnerability most famously exploited by last May’s Sasser worm.
11:03:30 Eleven minutes later another intruder breaks into XP SP1 through the security hole exploited by the July 2003 MS Blaster worm.
He confirms XP SP1 is connected to the Internet, then begins making repeated attempts to connect XP SP1 to a server running an Internet Relay Chat channel, the equivalent of a private Instant Messaging line.
While attempted break-ins never ceased, successful compromises were limited to nine instances on the minimally protected Windows XP computer and a single break-in of the Windows Small Business Server.
To hijack the Windows Small Business Server, the attacker finagled his way into a function of the Windows operating system that allows file sharing between computers.
“Downloading and using other exploits, performing denial-of-service attacks, running spam-relay tools, running identity-theft tools are all very common activities of compromised machines,” says Martin Roesch, chief technology officer at tech security firm Sourcefire.
http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm