Most attacks based on automated scripts.

A PC connected to the internet will be attacked by hackers every 39 seconds on average, new research has revealed.

A study by the A. James Clark School of Engineering at University of Maryland found that hack attacks now occur at a "near-constant rate".

The study, conducted by assistant professor Michel Cukier, profiled the behaviour of 'brute force' hackers to determine which usernames and passwords are tried most often, and what hackers do when they gain access to a computer.

"Most of these attacks employ automated scripts that indiscriminately seek out thousands of computers at a time looking for vulnerabilities," he said.

"Our data provides quantifiable evidence that attacks are happening all the time to computers with internet connections. The computers in our study were attacked, on average, 2,244 times a day."

Cukier and two of his graduate students, Daniel Ramsbrock and Robin Berthier, set up weak security on four Linux computers with internet access, and recorded what happened as the individual machines were attacked.

The vast majority of attacks came from relatively unsophisticated hackers using 'dictionary scripts', a type of software that runs through lists of common usernames and passwords attempting to break into a computer.

'Root' was the top username guess by dictionary scripts, and was attempted 12 times as often as the second-place 'admin'.

Successful root access would open the entire computer to the hacker, while 'admin' would grant access to somewhat lesser administrative privileges.

Other top usernames in the hackers' scripts were 'test', 'guest', 'info', 'adm', 'mysql', 'user', 'administrator' and 'oracle'. Cukier advised that all of these should be avoided as usernames.

The researchers that found the most common password-guessing ploy was to re-enter or try variations of the username; some 43 per cent of all password-guessing attempts simply re-entered the username.

The username followed by '123' was the second most-tried choice. Other common passwords attempted included '123456', 'password', '1234', '12345', 'passwd', '123', 'test' and '1'.

These findings support the warnings of security experts that a password should never be identical or even related to its associated username, according to Cukier.

"The scripts return a list of 'most likely prospect' computers to the hacker, who then attempts to access and compromise as many as possible," he said.

"Often they set up 'back doors', undetected entrances into the computer that they control so they can create botnets for profit or disreputable purposes."

Copyright © 2009 v3.co.uk