Potential Source of Future DDos Attacks

Hackers force credit card processor to warn customers about bots that could turn servers into zombie-like drones, launching DoS attacks.

by Beth Cox of internetnews.com [December 24, 2001]

An Arizona credit card processing company has warned its customers about a security breach caused by hackers that might allow its customers' Web server computers to be used in a DoS attack on other computers.

The company, Credit Card Billing LLC (CCBill) of Tempe, Ariz., reportedly advised its customers to change their passwords and search for bots called "eggdrop" that are designed to listen for instructions via an IRC channel, according to a Reuters report.

Once activated, the bots could swing into action, turning hacked Web servers into zombie-like drones that could be used to take down other Web sites.

Dayne Jordan, co-owner of Complete Web, a Columbus, Ohio-based ISP, was quoted as saying "The bots are sitting there and waiting. If someone comes into the channel and executes the right command these machines could be used to launch a huge distributed denial-of-service attack."

Alan Paller, research director of the System Networking, Administration and Security Institute, called the hack a "really bad infestation."

In addition to the bots that could be used to turn the Web servers into zombies, administrative user names and passwords of CCBill's Web site customers and user names and passwords of their customers may have been exposed, according to Jordan.

Jordan was quoted as saying that he informed CCBill of the problem Monday night after receiving a tip from someone else. Nearly 20 of his own customers had been hacked, all of them CCBill users, he said.

In its e-mail to customers, CCBill said it had corrected the source of the problem and was working to discover who was behind the hack.

The disclosure follows Thursday's report that Microsoft Corp. has posted a "critical" security patch for Windows XP.

— End