Darren Miller
A friend called me one day and asked if I would stop by to look
at his computer. He said it was running abnormally slow and he
had found something on his hard-drive he could not explain. I
could almost guess what it was he found. Have I been hacked?
You see, his computer had been hacked. Actually, in his case,
his computer had been tagged. Similar to the image you see here:
Tag, You're It!
The file transfer protocol, commonly referred to as "FTP", has
been around for many years. In the early days of the Internet,
it was one of the few ways to easily upload and download files
from one computer to another. Many commercial operating systems
come with an FTP server installed. In other cases, the option
for FTP services is selected by a user when they are installing
or updating their operating system. If this service is not set up
properly, or you don't have an adequately configured software or
hardware firewall, it is an open invitation for a hacker or
intruder.
FTP Tagging - The most common purpose for someone to compromise
your FTP server is for the storage and distribution of illegally
obtained software and files. This could include cracked software,
stolen movies, audio files, and pornography. Removing this type
of contraband from your computer can be difficult, particularly
if you are using a Microsoft Windows platform. Hackers use
sophisticated scripts to create a maze of directory structures
to house their wares on your computer. They may use a combination
of names with spaces in them, and in some cases use extended
characters (characters outside the normal alpha-numeric
range). Deleting these directories through normal means may be
difficult, if not impossible, for the average user. Many people
wind up wiping their system and re-installing it, and that is if
they're lucky enough to find out their system has been
compromised.
The above is a perfect example of why the statement, "I'm not
worried about being hacked. What do I have that a hacker would
want?" is not a good position to take. The fact is, you do have
something they want: your computer's resources. Why should a
hacker store tons of illegally obtained files on their systems
when they can use yours?
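A defensive check for the directory mazes described under FTP Tagging, added here as an example and not part of the original article: it walks an FTP root and flags directory names with leading or trailing spaces, characters outside printable ASCII, or unusually deep nesting. The function names, the MAX_DEPTH threshold and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

MAX_DEPTH = 6  # assumed threshold; tune to how deep legitimate uploads go

def suspicious_reasons(name, depth):
    """Return the reasons a directory name looks like part of a tagging maze."""
    reasons = []
    if name != name.strip() or not name.strip(" ."):
        reasons.append("leading/trailing space or blank-looking name")
    if any(ord(ch) < 32 or ord(ch) > 126 for ch in name):
        reasons.append("character outside printable ASCII")
    if depth > MAX_DEPTH:
        reasons.append("nested deeper than %d levels" % MAX_DEPTH)
    return reasons

def scan(root):
    """Walk root and return [(path, reasons)] for every flagged directory."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            # Depth of this directory below the FTP root (top level = 1).
            depth = len(os.path.relpath(full, root).split(os.sep))
            reasons = suspicious_reasons(name, depth)
            if reasons:
                findings.append((full, reasons))
    return findings

def build_sample_tree(root):
    """Constructed sample data: a normal upload folder next to a tagged-style maze."""
    os.makedirs(os.path.join(root, "incoming", "reports"))
    os.makedirs(os.path.join(root, "incoming", " tagged", "\u00ff\u00ff",
                             "a", "b", "c", "d", "e"))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, reasons in scan(build_sample_tree(tmp)):
            print(repr(os.path.relpath(path, tmp)), "->", "; ".join(reasons))
```

Legitimate folders with non-English names will also be flagged, so treat the output as a list to review rather than a verdict.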
The Good, The Bad, And The Ugly
The Good
When I was young I used to spend hours upon hours on the Internet
Relay Chat, also known as the IRC. The IRC is another method of
Internet communication, which has been around for quite a long
time. When I was a frequent user of the IRC, it was just plain
fun. You would meet all kinds of people from all over the world.
It was the instant messenger of the time.
The Bad
Today, the IRC is a huge communications network. It is made up
of thousands of channels, and can be accessed by pretty much
any operating system platform. It is also a favorite means of
communication for hackers. They can discuss new exploits, methods
of compromise, and even send and receive files. Many hacker
groups use a cryptic language to communicate with each other on
the IRC channels. Unless you know the language constructs they
use, their conversations can look like a bunch of nonsense.
There are many exploits, backdoors, and Trojans that affect, or
are contained in, the myriad of IRC clients on the Internet.
Making sure you choose one that's relatively safe to use is not
an easy task. As an example, take a look at this list of IRC
safety and security info at:
http://www.irchelp.org/irchelp/security/
The Ugly
It's not just the exploits and security risks associated with
using the IRC that need to concern you. If a hacker is able
to install an IRC relay agent on your computer, it can become
a conduit through which they communicate and distribute
information. In my line of work, I've identified many systems
with IRC backdoors or relay agents installed. The only thing
the end user typically experiences is a decrease in system
performance and Internet access.
Just Open The Door And Let Them In - Peer-to-Peer File Sharing
If a total stranger were to knock on your door, and ask to come
in to just hang out for a while, would you let them in? Most
likely not. If you're using peer-to-peer file sharing software
to locate and download files on the Internet, you're opening the
door to destruction. Many of the file sharing services and
software available on the Internet now tout themselves as being
"safe" and "clean". This is as far from the truth as you can get.
If you're a regular user of these services, the chance of your
computer being back-doored or hacked is significant.
If you have anti-virus software installed (and up-to-date),
you've undoubtedly received messages regarding viruses when
downloading files from peer-to-peer services. These are not
the only things you could be downloading. Many hackers embed
rootkits in files and distribute them using peer-to-peer file
sharing. Rootkits contain many types of tools used by hackers
to gain control over computers. If the installation of the kit
on your computer goes undetected and is successful, it's only
a matter of time before your computer is completely compromised.
I can't tell you how many times I've found company employees
(and technical personnel) using peer-to-peer file sharing
services. Any organization that permits this is putting itself
at risk. And, the risk is much greater as compared to a single
home computer because of the number of potential internal
targets.
Conclusion
Of course, the above are just a few examples of different methods
and types of computer compromise. There are many ways your
computer can be hacked. Your best defense is a good offense
along with education and awareness. When you configure your
computer make sure you enable only the software and services
that you need. Many programs have known exploits and/or
require additional steps be taken to adequately secure them.
Don't make the assumption that you are not a target just because
you don't think you have anything of interest on your computer.
If your computer becomes unstable or dramatically decreases in
performance, don't assume it's just a quirk or that it's time to
upgrade.
Make sure you have a software or hardware firewall in place to
protect you from the Internet. Your firewall should be configured
not to allow anonymous inbound access from the Internet. This is
the default configuration for most firewalls, but you should make
sure the one you are using is properly configured.
Make sure you have adequate virus and spyware protection, and
your pattern signatures are up-to-date. Many anti-virus
applications work on a subscription basis. It's not uncommon to
find out your subscription expired. If it is expired, your
software may not protect you from new and emerging threats.
And do whatever you can to stay away from any type of Internet
peer-to-peer file sharing service, no matter how safe the
developer claims it is.
************************************
Darren Miller is an Information Security Consultant with over
sixteen years' experience. He has written many technology &
security articles, some of which have been published in nationally
circulated magazines & periodicals. Darren is a staff writer for
http://www.defendingthenet.com and several other e-zines. If you would
like to contact Darren you can e-mail him at
darren.miller@paralogic.net
or defendthenet@paralogic.net.