For a computer user, it's the ultimate security headache: A hacker has secretly taken control of the computer and copied sensitive information such as passwords and credit card numbers.
Users often think the odds of getting hit by malicious software are safely low, but there are more invasive and destructive programs on the Web than ever before, computer security specialists say. In response to one of the latest attacks to become public, the Securities and Exchange Commission arrested a college student Thursday on charges that he hacked into someone else's computer, logged onto his brokerage account, and left the victim with an investment loss of over $40,000.
The student allegedly used a version of the Beast -- software that gave him control over the victim's computer.
The Beast is an extension of legitimate computer software that some people call "spyware." Some corporations use spyware to keep track of what their employees are doing on company computers. Parents have bought versions to peek at what their children are up to online. It is even marketed as a way to check up on Web wanderings of an errant spouse.
Hackers are developing their own varieties of spyware for more nefarious purposes. Setting up a program such as the Beast doesn't require much computer know-how, computer experts say. With a full-featured, user-friendly interface, Beast users can dictate how the program will perform and conceal itself with a few mouse clicks.
"Each one of our applications goes through vigorous testing by our dedicated testers before released to you!" proclaims one Web site offering the software.
If that testing hasn't been thorough enough, support sites feature advice, chat rooms and fixes for their malfunctioning software. At one Web site featuring the Beast, a developer of the program offers to customize the program for users for a "small donation" of $120; he or she gently urges purchasers not to resell the Beast software.
Some hackers embed the software in Trojan horse programs that pass themselves off as something they are not. In the case of the student arrested Thursday, the Beast was disguised as a program for tracking stocks. The student, Van T. Dinh, 19, was accused of offering the tracking program online as a free download, and when one investor decided to try it, the software surreptitiously installed itself on the victim's computer.
The number of Trojan horses documented by computer researchers is measured in the tens of thousands and they can work in many ways.
Sometimes, Trojan horses are sent as file attachments claiming to be such things as a security update or a picture of a naked tennis star. When a user opens such an attachment, the program installs itself and, typically, sends an instant message to the hacker who sent it. The program transmits information that will tell its controller how to find the compromised computer on the network, and then awaits orders.
The spyware often is designed to shut off any anti-virus or firewall software it detects and establish an open communication channel.
Once that has been accomplished, a hacker might as well be sitting at the victim's computer with a list of passwords in hand. Options on the Beast's interface give hackers the power to turn off programs running on the victim's computer or to see what is on the victim's screen at any time. A "file manager" window gives the hacker access to any files on the victim's hard drive. It can even eavesdrop on running Web cams.
Vincent Weafer, senior director of the incident response team at Symantec Corp., said his company's security software, when it's running, can remove the Beast. But once the Beast is inside a computer it can be "very difficult" to fight.
If there's any good news for computer users, it's that users of spyware software can be easier to track down than those who unleash viruses, worms or other online maladies. To spy, the software must be able to stay put and communicate with a computer at the other end. With the right tools, investigators can trace the communication to its source.
"We don't catch up with viruses till they're eight or nine steps down the road," said David Perry, global director of education at Trend Micro Inc. "A virus erases its own tracks. The Trojan horse just stays there, and that makes it easier to catch."
http://www.washingtonpost.com/wp-dyn/articles/A10515-2003Oct10.html