A trio of computer viruses work together to knock out a PC’s defences before turning machines into drones that hackers can control.
Anti-virus experts say the multi-stage strategy for infecting vulnerable computers could create a vast army of “zombie” machines capable of crippling commercial websites or churning out large quantities of spam email.
The viruses deliver a triple whammy – progressively breaking down a computer’s defences rather than punching through them in one go. Analysts say the bugs could creep through defences gradually and warn that they represent an unprecedented convergence of “malware” – malicious software.
“It is a very deliberate strategy to disarm defences on a massive number of machines and quickly turn these into a zombie army,” says Simon Terry, vice president of security strategy at the UK-based company Computer Associates.
The first line of attack is a Trojan program called “Glieder” that arrives in an email and activates when a user double-clicks on the attachment – triggering a chain reaction designed to take the computer hostage.
Several new variants of Glieder were released in rapid succession on Friday in an effort to reach as many machines as possible, anti-virus companies say.
Once installed, Glieder tries to download two more programs from a long list of web addresses. This makes the computer more vulnerable to attack from the two follow-on Trojan programs.
The second Trojan, known as “Fantibag”, deactivates anti-virus and other security software and blocks access to security-related websites, opening up the computer to infection. The final bug, “Mitglieder”, completes the attack by installing a program that can be used to control the machine remotely.
Anti-virus companies warn that the release of these cooperative programs is meant to generate an army of remote-controlled, or “zombie” PCs.
Hackers use zombie machines to extort money from commercial websites by threatening them with an overwhelming amount of web traffic, which would force them offline. Spammers also use these machines to send out spam that is much harder to block at source.
“There is definitely a criminal element behind the design and functionality of these viruses,” Terry adds. “Zombie machines are sold on an underground equivalent of eBay.”
By Will Knight