POST 05.03

Now you know about Herman. I got him ready to find a system.

The first system was sometimes the hardest to get into, since it had to be done sort of manually. Well, not totally manually, since I had another program whose job it was to insert Herman into a system, erasing all traces of the insertion.

This is not as hard as it sounds. Internet security, even with all the publicity about security holes and exploits and patches, is not as secure as everyone thinks. And with the rise of full-time home connections to the Net, security is even worse, not better.

You would think that security on a commercial server, such as a web server for a company, would be a bit tighter. Again, not true. Although there are some systems that have full-time network support staff, there are lots of systems that rely on self-proclaimed network security consultants, and even more systems that are run as an afterthought by an employee who is just slightly more computer literate than the boss. And then there are all the users out there who blindly open any file that is attached to a mail message.

If you could look at any of the anti-virus vendor sites, if any are still available after the Problem, you would see plenty of ways to get a 'worm' into a network. You just need to create an email message that has an interesting subject, attach a file that also looks interesting, and there are bound to be thousands of people that will open the attached file (your 'worm') out of curiosity.

This is 'social engineering' at its best. Social engineering is a prime way to get into a system. An example would be to call up any company employee, and tell them you are running a security check on the system. You need to get their user name and password to verify a possible intrusion into their system. With a bit of convincing, it's easy to get the information you want. One good user name can get you into the system, and then a bit of hacking can usually get you into administration level access.

Here's another example of social engineering into a system. Call up the receptionist of a company, and ask for the names of a few people in sales and network support. Most user names are based on the person's name, and their Internet mail address is usually based on their real name. Create a mail message, attach your worm, and send it off to a group of people in the company. (You can easily find out the mail server's name just by asking for email addresses.)

When the user gets the mail, chances are that they will open the attached file. The worm installs itself on the user's workstation, and silently probes into the network for administrative (or "root level") access. There are lots of variations of social engineering, and they usually work.

"Herman" was a very sociable program, and very cleverly designed, if I say so myself. Herman attaches to one of the operating system's processes (I can't tell you the exact name, that's my secret). That process runs each time the computer starts, so Herman is always on that system. Herman likes to visit other computers, and install clones into those systems. Eventually, he finds a user with system administrator privileges, and that system is used to install his 'server' version onto the network servers and routers.

Herman is not always successful; some networks are actually secure and kept patched with the latest security patches. Herman is smart enough to remove himself from those systems. There are enough insecure systems out there to infect that Herman doesn't have to try to get into a more secure system.

You 'techies' out there know that a Herman program can be quite smart, if properly written. And I know how to do that; I've been working with computer systems and networks for a long time. In fact, you might recall that there were several instances of 'worm attacks' on the Net. Some of them were highly publicized, like the attack on Yahoo, and the so-called "Code Red" and "Nimda" worms. Those are two that you might have read about, or even experienced. But Herman is a lot more low-profile. He doesn't like publicity, since that just makes his job harder. He doesn't deface web sites; that's just childish, like graffiti 'artists'. He doesn't boast about his exploits on hacker sites. The high-profile worms and viruses aren't the ones that you have to worry about the most. It's programs like Herman that can be the most worrisome.

I want to make it clear that Herman was not the cause of the Problem, or any of the other attacks on the Internet, like the "Denial of Service" attacks. His job was to help me gather information about the Problem. To do this, he had to get into lots of systems, and he had to get 'root access', or administrator-level privileges. And he was very good at that, and he was very stealthy.

Herman did his job well. He got into systems, got root-level access, searched for viral routers, and 'phoned home' with his results.