SAN FRANCISCO (Reuters) - A company that processes credit card transactions for Web sites confirmed on Thursday that customer Web server computers have been hacked and could be used in a massive Internet attack on other computers.
CCBill LLC of Tempe, Arizona, issued a statement to all of its customers warning them of the security breach. In an e-mail, the company urged its customers to change their server passwords and search their systems for stealth software called a "bot" that could be hidden in the system.
The bot, dubbed "eggdrop," is designed to listen for instructions via an Instant Relay Chat channel, said Dayne Jordan, co-owner of CompleteWeb, a Columbus, Ohio-based Internet Service Provider.
Once activated, they could swing into action, turning hacked Web servers into unwitting drones that could be used to take down major Web sites.
On Thursday afternoon there were about 1,200 bots in the IRC channel, Jordan said, despite claims of CCBill that only a "minimal percentage" of its customers had been hacked.
"The bots are sitting there and waiting. If someone comes into the channel and executes the right command these machines could be used to launch a huge distributed denial-of-service attack," he added.
In a denial-of-service attack, multiple servers are remotely commanded to flood a particular Web site with so much traffic that it is rendered inaccessible to legitimate Internet traffic. Such a concerted attack from numerous drone computers shut down a handful of sites including Yahoo and eBay in February 1999.
Alan Paller, research director of the System Networking, Administration and Security Institute, called the hack a "really bad infestation."
In addition to the bots that could be used to turn the Web servers into zombies, administrative user names and passwords of CCBill's Web site customers and user names and passwords of their customers have possibly been exposed, according to Jordan.
Everybody here who's helping with eggdrop are criminals.

[ This Message was edited by: bobjuh on 2001-12-21 15:48 ]