The Department of Justice and FBI today said ongoing investigations have identified over 1 million botnet crime victims. The FBI is working with industry partners, including the Computer Emergency Response Team Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Microsoft and the Botnet Task Force have also helped out the FBI. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity, the FBI said in a statement.
The FBI and Justice Dept. have an ongoing cyber crime initiative to disrupt and dismantle botherders known as Operation Bot Roast. To date, the project has nabbed:
* James C. Brewer of Arlington, Texas, is alleged to have operated a botnet that infected Chicago area hospitals. This botnet infected tens of thousands of computers worldwide.
* Jason Michael Downey of Covington, Kentucky, is charged with using botnets to send a high volume of traffic to intended recipients to cause damage by impairing the availability of such systems.
* Robert Alan Soloway of Seattle, Washington, is alleged to have used a large botnet network and spammed tens of millions of unsolicited email messages to advertise his website from which he offered services and products.
Bots are widely recognized as one of the top scourges of the industry. Gartner predicts that by year-end 75% of enterprises "will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses," and early reports from beta customers of a yet to be released product from Mi5 show how nefarious these infections can be.
Mi5 says it installed a Web security beta product at an organization with 12,000 nodes and in one month detected 22 active bots, 123 inactive bots and was watching another 313 suspected bots. That may not sound like a lot, but those bots were responsible for 136 million bot-related incidents, such as scanning for other hosts inside the firewall.
Google researchers recently said at least one in 10 web pages is booby-trapped with malware. Google's Ghost in the Browser study looked at over 4.5 million Web pages, and found that 10% of them were capable of activating malicious codes and 16% were suspected to contain codes that might be a threat to computers.
Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy, the FBI said.
"The majority of victims are not even aware that their computer has been compromised or their personal information exploited," said FBI Assistant Director for the Cyber Division James Finch. "An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised."
Layer 8 is Network World's daily home for the not-just-networking news.
Contact Layer 8
Layer 8 archive
|
|
Bots
I know someone who runs a botnet, he puts his botnet executable inside "cracked" warez, then offers it on various warez forums and on IRC. The people who install the software are infected and brought into his botnet. When will people stop downloading "warez" thinking it's just software cracked by individuals trying to thumb their nose at the software industry. When you buy an official Windows CDROM from Microsoft or a CDROM from Adobe, you know that their CDROM is not infected with viruses.
detecting bot infection?
How can you tell if you're infected? Do these infected computers have antivirus software and still get infected? Spreading prevention tips would be really smart.
re: detecting bot infection?
The best way is to run an anti-virus program. Most will catch them. The big 3, Norton/Symantec, McAfee, and Trend Micro, are vulnerable to some that are designed to avoid detection, but the smaller players, such as BitDefender, Nod32, and Kapersky, are able to detect and defeat many that the big 3 can't. Personally, I run Nod32, and ran BitDefender for the last 2 years. They aren't too expensive and work quite well. I just switched to Nod32 because BitDefender didn't have a version that would work on a 64-bit OS.
Nobody should ever run a computer without Anti-virus software. It just makes their computer a hazard to everyone else.
anti virus provides only false sense of security
Thinking that your safe just because you use one of these so called big three is false economy at best, and at worst, plain stupid. You're simply buying into marketing hype. Virus programmers actively target and disable these safeguards. And they're very VERY good at it.
Ever got a virus/spyware/malware that you're just unable to get rid of? That's because its a new viral strain and the anti virus program doesn't recognise it can't defeat it, simply because the virus is running in kernel space and has the same system privileges as any anti virus program, ergo it has the ability to overwrite/destroy/disable your norton, McAfee. There's not one on the market thats totally effective against all malware.
And make no mistake, once your system is compromised, its compromised. Wipe the disk and start again if you want to be totally sure.
Anti virus software looks for suspicious kernel hooking activity, and build up huge code signature databases that require constant updating.
A poor solution aimed at making money off people who don't understand the problem. And they're laughing all the way to the bank. Especially when popular opinion reads like the comment above!
A better approach might be security through obscurity. Virus programmers/malware programmers are going for market share. And M$ has what, about 80+ % OS market penetration?
Simple numbers. Why devote all your time to coding something that has the potential to infect only a small percentage of hosts on the net? Its a simple numbers game.
Of those hosts connected to the internet, there are approx 80% running Windows. Of those 80% , say 70-90% haven't got a clue about computer security. Maybe they have a pirated copy of windows, so they've got automatic updates switched off, so their system is unpatched and vulnerable.
So install an obscure operating system, learn how to configure a firewall, and look for code audited software.
I would agree with the comment to stay away from crack files, keygens etc. They're riddled with malware infection.
Nobody should ever run a M$
Nobody should ever run a M$ Windoze computer without Anti Virus software
Running Antiviral Software? Why bother?
Why don't these reporters simply observe that this is not a problem with Macs? It is just another easily exploitable security hole in Windows operating systems that Mac users do not experience.
We all just shake our heads and wonder, "What's wrong with these people?"
I guess it really is easy to ignore the elephant in the room.
Jim
There's nothing special about the Mac OS
It's just not a big enough target yet. So don't tell too many people about it.
Keep it secret, Keep it safe!
Network World article on that coming in July
We've got a big story coming out, scheduled for July 9, that covers how to defend your network against bots. It is more complicated than running antivirus software -- though certainly that's a part of it. The bot hunting folks say that avoiding bots is really the best way. There's a number of ways to do that. So stay tuned ...
July 9th Protect your network
One thing I learned early in my career is that you can not scan an infected computer from an infected computer. The lie the AV companies tell you is you can.
The best way is to use a computer that is not infected and attach the suspected infected computer's hard drive to the clean one. Run the scan from the clean one and you will have valid results. Otherwise obfuscation of the offending malware/bot/virus/rootkit is possible.
When all else fails I run housecalls from trend micro. That will at least start things off as it is an internet scan of the possibly infected computer.
Rodney Wise
If you don't ask, the answer is always no.
You know you're infected if...
If you are surfing the web with IE, you are most likely infected with with a rootkit-protected malware. Your antivirus is not able to help because the rootkit prevents the AV from detecting the malware.
If you are using a Windows machine that has a routable IP address, you are definitely owned.