FBI Unveils Movable Feast with 'Operation Bot Roast'
The FBI said today it has identified more than 1 million personal computers that have been infected with computer worms enabling the attackers to control PCs for criminal purposes such as sending spam, spreading spyware and attacking Web sites.
The FBI used details it gleaned from an ongoing investigation called "Operation Bot Roast" to highlight a few recent arrests of individuals accused of running botnets and to raise public awareness about the problem, which the agency called "a growing threat to national security, the national information infrastructure and the economy."
Individual personal computers infected with remote-control software are known as "bots," and people who control these PCs herd them into "botnets," which generally are large groups of centrally controlled machines that are used for criminal moneymaking schemes.
"The majority of victims are not even aware that their computer has been compromised or their personal information exploited," FBI Assistant Director for the Cyber Division James Finch said in a statement. "An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised."
Estimates of the global bot problem vary widely. Symantec Corp. in a recent Internet Security Threat Report estimated that there are more than 6 million bot-infested PCs worldwide. Other experts, such as Georgia Tech's David Dagon, posit that the actual number of these compromised PCs is growing upward of 13 million.
The FBI said it is working with industry partners to notify the victims of the botted computers, ostensibly to glean evidence from the machines and to get them cleaned. However, it also warned people to be wary of scam artists who might use the incident to send e-mails disguised as messages from the FBI seeking personal or financial information.
The government named three individuals it has arrested or charged in connection with the investigation, one of whom was long-time spam king Robert Soloway. The FBI charged James Brewer of Arlington, Tex., with running a botnet of "tens of thousands of computers," at least some of which were located in Chicago-area hospitals.
Jason Michael Downey of Covington, Ky., is charged with conducting "distributed denial-of-service" attacks, which involve using a botnet to flood a Web site or network with so much junk Internet traffic that the target network either crashes or is rendered unavailable.
Security Fix dug up the charging document on Downey showing that he may be the administrator of an Internet server called Yotta-Byte.net, which, according to anti-virus vendor Trend Micro, was the server used to control a botnet infected by a particularly nasty version of the Agobot worm. The worm family has spawned thousands of variants and goes by a few other names, including "Phatbot." In spring 2004, washingtonpost.com ran my story about a version of Phatbot that was estimated to have infected between 1 million and 2 million computers.