GRIDtoday

DAILY NEWS AND INFORMATION FOR THE GLOBAL GRID COMMUNITY

Special Features:

PHATBOT TROJAN USES PEER-TO-PEER NETWORKS TO INFECT

A new, sophisticated hacker tool that models itself after controversial peer-to-peer networking programs like Kazaa is being carefully watched by computer security experts and government officials.

"Phatbot," which allows hackers to connect computers via P2P networks in order to consume bandwidth capabilities or send out mass spam e-mails, may have already infected hundreds of thousands of Windows computers worldwide.

Last week, the Department of Homeland Security issued an alert to certain computer experts warning them of Phatbot's ability to hack passwords and disarm antivirus software.


Department officials, and the government-funded cyber-security monitoring agency US-CERT, verified the authenticity of the warning after a copy was sent to washingtonpost.com by two anonymous people from different companies.

Officials are concerned about Phatbot's various capabilities. It has the ability, for instance, to avoid antivirus detection by polymorphing on installation and spreading from system to system. It can also steal AOL account logins and passwords, as well as recover PayPal cookies from customers who purchase online.

Though officials have cataloged thousands of similar sneak attacks on unsecured computers, called Trojan horses, Phatbot represents a more sophisticated and formidable hacking tool.

Phatbot gains access to a computer through security flaws in the operating system. Commonly referred to as "backdoors," these flaws often leave users unaware of the security breach.

However, Phatbot is harder to track than other Trojan horses, such as MyDoom and Bagle, because it connects an infected computer to a large network and can run hacking programs through many different routes. Every infected computer must be tracked in order to deter the proliferation of Phatbot.

And although most antivirus products may detect Phatbot, the Trojan will have already infected the computer and begun to disable antivirus and firewall software tools. In addition, attempts to delete the Trojan may cause Phatbot to recreate itself and restart its initial spread throughout the network.

Some experts say such capabilities may result in the infection of hundreds of thousands of computers, though others project the number to be much higher.

A network administrator at the University of Twente in The Netherlands, for instance, estimates between 1 and 2 million computers could be infected. One Phatbot command makes infected computers test their Internet connection speed by sending a file to one of 22 selected Web servers worldwide. This type of traffic could indicate hackers' new reliance on Phatbot, rather than the less advanced remote-access Trojans used previously. Hackers may be using this command to discover which computers could send the most spam in the shortest time.

Colleges and universities in the U.S. and Asia-Pacific area account for the majority of infections. Home user broadband connections are also being infected at an alarming rate.

There is no consensus yet on whether a complete Phatbot attack would be considered a disaster or a mere disturbance. But if hundreds of thousands of computers are in fact infected, U.S. e-commerce could suffer greatly.

In February 2000, a young Canadian gained control of high-speed computers at the University of California, Santa Barbara, and brought down several popular websites for hours, including CNN.com, Amazon, and eBay. And in October 2002, the 13 root servers that serve as the foundation for Internet traffic were attacked by hackers who commandeered other users' computers.

Phatbot is designed to link computers into groups of 50 or fewer, which would deter the tool from denying service to a large list of users. Instead, the Trojan will most likely be used for massive spamming initiatives.
