IM hacker tool may threaten servers

A new hacking tool using the instant-messaging platform Internet Relay Chat (IRC) is rapidly spreading across the Internet and...

A new hacking tool using the instant-messaging platform Internet Relay Chat (IRC) is rapidly spreading across the Internet and has the potential to shut down Web servers.

Called Voyager Alpha Force, the tool has already been used to infect about 300 computers, according to various reports. But the biggest threat lies in its ability to be used in Distributed Denial of Service (DDoS) attacks.

"It is a malicious program you download from the Internet. It looks like it's an IRC bot. Though we don't have any numbers, and I don't believe the software has yet been used to bring a Web server down, we do know that it's gone around quite quickly," said John Safa, chief technical officer at BitArt, a Nottingham-based software security company.

Voyager Alpha Force infects computers running Microsoft's SQL Server database software, allowing rogue software to be sneaked on to computers. That software could then be instructed to send so many requests to a targeted Web server that it shuts down.

"It is really difficult to stop it because requests come from thousands of IP addresses, so many that the server is flooded and [the user ends up] being forced to bring the server down," Safa said.

"There is a blur going on right now between the hacking and the cracking community, and now hacking tools are utilising virus techniques," Safa said. "They can make it so that people are launching attacks without even knowing it, because the tool is hidden in the software and programs that they always use and trust. I think a lot of DDoS as an issue is getting swept under the carpet."

Some security experts have recommended that companies and users should protect themselves by changing default passwords and putting their servers behind firewall software to block unauthorised access. But Safa said he believed that such precautions would not be enough.

"There's got to be a new approach. Putting servers behind the firewall is not sufficient to protect anyone from an attack because a large enough DDoS can cause the firewall itself to fall over. What we are saying is that protection has to be built into the software," Safa said.

He recommended that companies lock down all the programs they are running that could be used to access the Internet - everything from Outlook Express to Photoshop - in order to keep them from being tampered with.

"It's fairly easy to do, but it does require a bit of discipline from not only the company but everyone using those programs," Safa said.

Read more on Business applications