InfoWorld Home / Security Central / News / Hackers, virus writers take to war theme
March 21, 2003

Hackers, virus writers take to war theme

Web sites defaced, but devastating worms have not arrived

By Paul F. Roberts, IDG News Service | IDGNS
| Print | Add a comment|
Recommend This

The beginning of war in Iraq prompted a rash of protest hacking on the Internet, with new war-themed viruses and Web page defacements directed at U.S., U.K. and Australian interests. But the devastating new worms and viruses that were predicted by some have so far failed to materialize.

Unquestionably, the hostilities in Iraq have had ripple effects on the Internet, according to MikkoHyppönen, manager of antivirus research at F-Secure, of Helsinki, Finland.

Two new worms were discovered in the past two weeks with Iraq themes.

One, named Prune, arrives in e-mail messages with the subject "US Government Material - Iraq Crisis." An attachment named UN_Interview.txt.vbs launches the Visual Basic Script worm, which spreads copies of itself using e-mail, Internet Relay Chat (IRC) and network shares, according to F-Secure.

A second worm, Ganda, arrives in messages with a variety of subjects and messages, many of them linked to the tensions over Iraq such as "Spy Pics," purporting to contain pictures from U.S. satellites, and "G.W. Bush animation." Users are prompted to click on a Windows screen saver file attachment, launching the virus.

Web site defacements also spiked in the days leading up to war, according to F-Secure.

"We've seen a huge increase in the number of [Web site] defacements related to the Iraq crisis," Hyppönen said.

Web site defacements require hackers to compromise Web servers belonging to their targets, then replace the official Web page content with their own content, often inflammatory statements or political messages.

F-Secure recorded around 200 defacements in the 48 hours before hostilities began. On Friday, another 1000 sites were defaced, F-Secure said.

Many of the Web sites that were defaced belonged to U.S. and U.K. businesses or lesser-known branches of U.S. federal agencies.

The Web page for the U.S. National Center for Agricultural Utilization Research, part of the U.S. Department of Agriculture, and a Web-based e-mail portal belonging to the U.S. Navy were both defaced, as was the home page of Routeco PLC, a distributor of industrial automation and control products in the U.K.

Hundreds of defacements were attributed to Unix Security Guard (USG), a pro-Islamic hacking group, according to Hyppönen.

Related Content...
Sign In or Register to comment

Sign up to receive Security Resource Alerts

Subscribe to the Security Central Newsletter

The one-stop resource center for IT professionals.

White Paper

CA Security Management Solutions

A comprehensive security management solution can help you streamline, as well as grow, your current or evolving business. In this way, a strategic security approach can help you increase your competitiveness in these challenging market conditions.

Download now! »

White paper

Beyond Compliance: The Significant Benefits of Log Management

Find out how you can effectively collect, normalize and archive enterprise-wide, security-related data that is invaluable for security investigation and compliance reporting.

Download now! »

Webcast

Integrated Identity Compliance: Enabling Cost-Effective Role-Based Compliance

This session focuses on the intersection of role management and identity compliance, and addresses the importance of identity compliance in enterprise governance and the challenges that organizations may face in achieving it.

View now! »
©1994-2009 Infoworld, Inc.