Fair use policy applies
http://www.newscientist.com/news/news.jsp?id=ns99996529
A US computer programmer has created a software robot that uses instant messenger – a program that allows people to exchange messages over the internet in real time - to control a computer remotely.
So-called “chatterbots” have been created in the past, allowing programmers to use IM to automatically upload files from their computer. But “Nmapbot", created by Virginia-based Abe Usher, is the first that allows someone to scan a remote network for machines that could be hacked into. Nmapbot also allows a hacker to use compromised machines to launch a denial of service attack.
Usher has released the bot to highlight potential security risks posed by IM. But he says that Nmapbot is also a useful tool for computer security personnel, allowing them to patrol networks from out of the office using a PDA or cellphone equipped with IM.
“This is one of those dual-use tools that can be used for good and for evil,” says Ron Gula, chief technology officer at intrusion detection firm Tenable Network Security in Columbia, Maryland.
Command line
Nmapbot participates in IM chat sessions by waiting for certain commands and then carrying out the specified action. To control a computer remotely, that machine must already have Nmapbot installed. That could be achieved using a computer virus, a direct hack or by duping an unwitting user to install it themselves, says Gula.
Commands that Nmapbot responds to include running Nmap, software that scans for machines that have “open ports” which hackers could use gain access to a computer. Nmap also probes what programs the machines are already running, providing clues to hackers as to how hard the machine might be to invade.
While most companies and universities have firewalls that block port scans, Gula says that Nmapbot would be dangerous if it was downloaded on a computer within a firewall. Then the hacker could access the computer remotely over IM, which is not blocked by firewalls, and start the port scan from within the network. “Using IM enables a hacker to tunnel through the firewall,” he explains.
Faked ping
Similarly Nmapbot is also capable of issuing “pings”. These are packets of data sent from one computer to another to probe that it is still active on the network. The computer that receives a ping just sends back the data, confirming its presence.
In the past, pings have been used to carry out denial-of-service attacks, where a target computer is flooded with data in an attempt to paralyse it. Attackers send very large pings to every computer on the network but fake the “from” address so that the computers all reply to the target machine. For this reason, firewalls often block pings too, but if the ping comes from within network, it could get through, says Gula.
However, Johannes Ullrich, of the SANS Internet Storm Center in Quincy Massachusetts, says that while the bot is a “cute” way to talk to computers remotely, it does not give hackers any new capabilities.
For example, spammers have been using Internet Relay Chat, another much older protocol that enables real time chat, to control armies of zombie computers for several years. More recently, they have also started using peer-to-peer networks. Nonetheless, “the potential is there to control a vast army of IM bots through one master controller,” says Usher.
http://www.newscientist.com/news/news.jsp?id=ns99996529
A US computer programmer has created a software robot that uses instant messenger – a program that allows people to exchange messages over the internet in real time - to control a computer remotely.
So-called “chatterbots” have been created in the past, allowing programmers to use IM to automatically upload files from their computer. But “Nmapbot", created by Virginia-based Abe Usher, is the first that allows someone to scan a remote network for machines that could be hacked into. Nmapbot also allows a hacker to use compromised machines to launch a denial of service attack.
Usher has released the bot to highlight potential security risks posed by IM. But he says that Nmapbot is also a useful tool for computer security personnel, allowing them to patrol networks from out of the office using a PDA or cellphone equipped with IM.
“This is one of those dual-use tools that can be used for good and for evil,” says Ron Gula, chief technology officer at intrusion detection firm Tenable Network Security in Columbia, Maryland.
Command line
Nmapbot participates in IM chat sessions by waiting for certain commands and then carrying out the specified action. To control a computer remotely, that machine must already have Nmapbot installed. That could be achieved using a computer virus, a direct hack or by duping an unwitting user to install it themselves, says Gula.
Commands that Nmapbot responds to include running Nmap, software that scans for machines that have “open ports” which hackers could use gain access to a computer. Nmap also probes what programs the machines are already running, providing clues to hackers as to how hard the machine might be to invade.
While most companies and universities have firewalls that block port scans, Gula says that Nmapbot would be dangerous if it was downloaded on a computer within a firewall. Then the hacker could access the computer remotely over IM, which is not blocked by firewalls, and start the port scan from within the network. “Using IM enables a hacker to tunnel through the firewall,” he explains.
Faked ping
Similarly Nmapbot is also capable of issuing “pings”. These are packets of data sent from one computer to another to probe that it is still active on the network. The computer that receives a ping just sends back the data, confirming its presence.
In the past, pings have been used to carry out denial-of-service attacks, where a target computer is flooded with data in an attempt to paralyse it. Attackers send very large pings to every computer on the network but fake the “from” address so that the computers all reply to the target machine. For this reason, firewalls often block pings too, but if the ping comes from within network, it could get through, says Gula.
However, Johannes Ullrich, of the SANS Internet Storm Center in Quincy Massachusetts, says that while the bot is a “cute” way to talk to computers remotely, it does not give hackers any new capabilities.
For example, spammers have been using Internet Relay Chat, another much older protocol that enables real time chat, to control armies of zombie computers for several years. More recently, they have also started using peer-to-peer networks. Nonetheless, “the potential is there to control a vast army of IM bots through one master controller,” says Usher.
