• PC World
• » Security

Many Ports of Entry

How do malicious hackers cause damage? They have access to increasingly sophisticated automated software tools that scour the Internet for vulnerable PCs. The tools locate an individual machine by its Internet Protocol address, a unique number that identifies a computer on the Net. Most computers equipped with dial-up connections have dynamic IP addresses: The Internet service provider assigns them a new IP address each time their users log on. By contrast, most high-speed connections, like DSL and cable modems, use constant or "static" IP addresses. In the unlikely event that a hacker decides to target you specifically, such a static address makes it easier to track you down.

An IP address identifies a computer but doesn't provide a way inside. To get in, the hacker must find an open port, or connection point. Think of an IP address as a computer's switchboard number and a port as an individual phone extension. Software on your PC creates ports to allow specific networking functions. Web access, for example, generally uses port 80, while FTP runs through port 21. Once they've targeted an IP address, hackers scan the machine for open ports, as happened to Allan Soifer.

Malicious hackers may also trick users into opening ports by sending Trojan horses. Mimicking the tactic invented by the wily Greek invaders of Troy, Trojan horses hide damaging cargo within a seemingly benign shell--in this case, an e-mail attachment or a download. When you double-click and open the shell, the hidden program sneaks out to wreak havoc on your computer. One of the best-known Trojan horses is "Back Orifice." (The name is a play on Microsoft's BackOffice network administration software.) Back Orifice surreptitiously opens a port on your PC that a hacker can then exploit to take control of your machine remotely.