You may reprint or publish this article free of charge as long as the
bylines are included.

Original URL (The Web version of the article)
---------------------------------------------
http://www.defendingthenet.com/NewsLetters/HowWillYourNetworkBeCompromised.htm

Title
-----
How Will Your Network Be Compromised?

Complex Hacking - Computer Compromise
------------------------------------------------------
Every time I attend a "Security Guru's" meeting, I'm amazed by how much time and effort is spent on discussing complex hacking and computer compromise of computer networks and systems.
One person is going on about the latest "heap corruption" vulnerability and another is discussing man-in-the-middle techniques for compromising remote access systems. Most of these vulnerabilities are very difficult to successfully exploit. Some of them require specific host platforms, special tools, in-depth knowledge of many programming languages, and a lot of luck.
I'm not saying there are not tons of vulnerabilities and exploits like these, it's just that they are not always easy to take advantage of, and therefore, may not present themselves as high risk events for most organizations.

It's The Little Things That Will Get You Every Time
--------------------------
During security assessments, there are times when I am able to successfully exploit a "technical" vulnerability to gain system or internal network access. For instance, during a recent assessment, I identified a web application server that appeared to be vulnerable to an IIS / ASP vulnerability that would allow an attacker to dump all .ASP code on the server. After some effort and a little C/C++ code, I was able to take advantage of this exploit. After perusing the .ASP code on the server, I was able to gain important information that resulted in the compromise of an internal system.
However, the reality is it is the simple things that are the biggest problem. Most times, internal network compromise is the result of one or more of the following:
The installation of a web support application that has little to no security features to begin with;
The installation of support software that has a well-known default password for the admin account. And, the person installing the software never bothers to change the password;
Improperly configured communications devices such as routers and switches;