Efficiency and automation: one can argue that they are two of the most valuable by-products of any technology. There is little doubt that the electronic tools of today allow us to get more done in less time. We use software to eliminate tedious work, reduce man-hours, and sift through mounds of data in seconds. Crackers, as we know, are smart... and lazy. It should come as no surprise, then, that they too have employed technology to reduce their workload. The result? A type of malicious code known as autorooters: programs designed to automatically scan and attack target computers at blistering speeds.

A successful autorooter gives crackers what they want: complete control of a target machine, fast and with little effort. Scanning networks for vulnerable machines, gaining unauthorized administrative access, installing backdoors: all the tricks of the trade can be achieved at the click of a button. In this article we'll explore the concepts behind autorooters and what can be done to defend against them.

The term "autorooter" is based on security lingo for successfully cracking and gaining privileged access to a machine. The act, known as "rooting" a system, takes its name from the administrative account on a Unix box, "root". The "auto" prefix stems from the fact that these tools package, or automate, the cracking process from start to finish. They can be designed to scan a network for vulnerable machines or to attack everything they come across. Once a machine is successfully compromised, or rooted, any type of malicious code can be installed and configured: data might be captured (using a tool known as a sniffer), Web pages defaced, servers installed. Some autorooters are finished after sending the results back to the cracker; others may install zombies that await further instructions from the attacker, such as IRC-controlled denial-of-service slaves.
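The scanning phase described above is also the defender's opportunity: an autorooter sweeping a network "at blistering speeds" touches many hosts from one source in a short time, which ordinary traffic rarely does. The script below is an added example, not code from the original article; its log lines and addresses are constructed, and the window and threshold are assumptions to be tuned per network.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (not from any real network).
# One record per line: "<ISO timestamp> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = (
    # Autorooter-style sweep: one source probes twelve hosts on the same
    # service port within twelve seconds.
    [f"2003-02-10T12:00:{i:02d} 198.51.100.7 192.0.2.{10 + i} 21" for i in range(12)]
    # Ordinary client: three servers contacted over ten minutes.
    + [f"2003-02-10T12:{m:02d}:00 203.0.113.5 192.0.2.{50 + m} 80" for m in (0, 5, 10)]
)


def parse_line(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def detect_sweeps(lines, window=timedelta(seconds=60), host_threshold=10):
    """Return {src_ip: (max_distinct_hosts, [ports])} for every source that
    contacted at least host_threshold distinct destination hosts within any
    single time window.  A sliding window over each source's time-sorted
    events tracks distinct destinations, so a slow drip of legitimate
    connections spread over a long period is not flagged."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, dst, port = parse_line(line)
        by_src[src].append((ts, dst, port))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        in_window = defaultdict(int)  # dst host -> contacts inside the window
        ports = set()
        left, best = 0, 0
        for ts, dst, port in events:
            in_window[dst] += 1
            ports.add(port)
            # Drop events that fell out of the window behind this one.
            while ts - events[left][0] > window:
                old_dst = events[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            best = max(best, len(in_window))
        if best >= host_threshold:
            flagged[src] = (best, sorted(ports))
    return flagged
```

Run against the constructed log, only the sweeping source is reported, with the count of hosts it reached and the service port it was probing.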

The link for this article located at SecurityFocus is no longer available.