“The distributed denial-of-service mystery is starting to
unravel. … A German university earlier today found an agent for
the Tribal Flood Network hacking tool on one of its servers and
quickly took the server offline… …the University of California
at Santa Barbara has also reported that it found hacking software
installed on one of its servers.”
“MyCIO.com, a new online business unit of security
giant Network Associates Inc., is providing a free service that
allows companies to scan their own networks for the agents that are
necessary to run a DDoS attack. The service, called Zombie
Scan, can be found at www.mycio.com.”
“[MyCIO.com CEO Zach] Nelson declined to name the
university, and it was unclear whether the server was using the Sun
Solaris or Linux operating system. (Reuters reported Friday
that German Internet service provider NetCologne, the target of a
hacker this week, traced the attack to a computer at a German
university and has filed a legal complaint.)”
“The three DDoS tools in wide distribution on the Internet rely
on known security vulnerabilities of Solaris and Linux. They scan a
network for holes. Once a hacker finds a weakness, he or she plants
the agent or ‘zombie’ software on the server. It’s that software
that allows the hacker to remotely take control of the server.”