FBI: Operation Bot Roast finds over 1 million botnet victims

GooeyGUI

Senior member
Aug 1, 2005
688
0
76
http://www.networkworld.com/community/?q=node/16193


The Department of Justice and FBI today said ongoing investigations have identified over 1 million botnet crime victims. The FBI is working with industry partners, including the Computer Emergency Response Team Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Microsoft and the Botnet Task Force have also helped out the FBI. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity, the FBI said in a statement.

The FBI and Justice Dept. have an ongoing cyber crime initiative to disrupt and dismantle botherders known as Operation Bot Roast. To date, the project has nabbed:

* James C. Brewer of Arlington, Texas, is alleged to have operated a botnet that infected Chicago area hospitals. This botnet infected tens of thousands of computers worldwide.

* Jason Michael Downey of Covington, Kentucky, is charged with using botnets to send a high volume of traffic to intended recipients to cause damage by impairing the availability of such systems.

* Robert Alan Soloway of Seattle, Washington, is alleged to have used a large botnet network and spammed tens of millions of unsolicited email messages to advertise his website from which he offered services and products.

Bots are widely recognized as one of the top scourges of the industry. Gartner predicts that by year-end 75% of enterprises "will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses," and early reports from beta customers of a yet to be released product from Mi5 show how nefarious these infections can be.

Mi5 says it installed a Web security beta product at an organization with 12,000 nodes and in one month detected 22 active bots, 123 inactive bots and was watching another 313 suspected bots. That may not sound like a lot, but those bots were responsible for 136 million bot-related incidents, such as scanning for other hosts inside the firewall.

Google researchers recently said at least one in 10 web pages is booby-trapped with malware. Google's Ghost in the Browser study looked at over 4.5 million Web pages, and found that 10% of them were capable of activating malicious codes and 16% were suspected to contain codes that might be a threat to computers.

Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy, the FBI said.

"The majority of victims are not even aware that their computer has been compromised or their personal information exploited," said FBI Assistant Director for the Cyber Division James Finch. "An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised."

I wonder if notification will be sent to victims outside of the US. It's scary to think one in ten web pages are booby-trapped with malware. I guess I'll not surf anywhere without checking the system every day.

:(

 

ric1287

Diamond Member
Nov 29, 2005
4,845
0
0
Originally posted by: GooeyGUI
http://www.networkworld.com/community/?q=node/16193


The Department of Justice and FBI today said ongoing investigations have identified over 1 million botnet crime victims. The FBI is working with industry partners, including the Computer Emergency Response Team Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Microsoft and the Botnet Task Force have also helped out the FBI. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity, the FBI said in a statement.

The FBI and Justice Dept. have an ongoing cyber crime initiative to disrupt and dismantle botherders known as Operation Bot Roast. To date, the project has nabbed:

* James C. Brewer of Arlington, Texas, is alleged to have operated a botnet that infected Chicago area hospitals. This botnet infected tens of thousands of computers worldwide.

* Jason Michael Downey of Covington, Kentucky, is charged with using botnets to send a high volume of traffic to intended recipients to cause damage by impairing the availability of such systems.

* Robert Alan Soloway of Seattle, Washington, is alleged to have used a large botnet network and spammed tens of millions of unsolicited email messages to advertise his website from which he offered services and products.

Bots are widely recognized as one of the top scourges of the industry. Gartner predicts that by year-end 75% of enterprises "will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses," and early reports from beta customers of a yet to be released product from Mi5 show how nefarious these infections can be.

Mi5 says it installed a Web security beta product at an organization with 12,000 nodes and in one month detected 22 active bots, 123 inactive bots and was watching another 313 suspected bots. That may not sound like a lot, but those bots were responsible for 136 million bot-related incidents, such as scanning for other hosts inside the firewall.

Google researchers recently said at least one in 10 web pages is booby-trapped with malware. Google's Ghost in the Browser study looked at over 4.5 million Web pages, and found that 10% of them were capable of activating malicious codes and 16% were suspected to contain codes that might be a threat to computers.

Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy, the FBI said.

"The majority of victims are not even aware that their computer has been compromised or their personal information exploited," said FBI Assistant Director for the Cyber Division James Finch. "An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised."[/Q]

I wonder if notification will be sent to victims outside of the US. It's scary to think one in ten web pages are booby-trapped with malware. I guess I'll not surf anywhere without checking the system every day.

:(

which are what exactly?
 

Juddog

Diamond Member
Dec 11, 2006
7,852
6
81
Originally posted by: GooeyGUI
http://www.networkworld.com/community/?q=node/16193


The Department of Justice and FBI today said ongoing investigations have identified over 1 million botnet crime victims. The FBI is working with industry partners, including the Computer Emergency Response Team Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Microsoft and the Botnet Task Force have also helped out the FBI. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity, the FBI said in a statement.

The FBI and Justice Dept. have an ongoing cyber crime initiative to disrupt and dismantle botherders known as Operation Bot Roast. To date, the project has nabbed:

* James C. Brewer of Arlington, Texas, is alleged to have operated a botnet that infected Chicago area hospitals. This botnet infected tens of thousands of computers worldwide.

* Jason Michael Downey of Covington, Kentucky, is charged with using botnets to send a high volume of traffic to intended recipients to cause damage by impairing the availability of such systems.

* Robert Alan Soloway of Seattle, Washington, is alleged to have used a large botnet network and spammed tens of millions of unsolicited email messages to advertise his website from which he offered services and products.

Bots are widely recognized as one of the top scourges of the industry. Gartner predicts that by year-end 75% of enterprises "will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses," and early reports from beta customers of a yet to be released product from Mi5 show how nefarious these infections can be.

Mi5 says it installed a Web security beta product at an organization with 12,000 nodes and in one month detected 22 active bots, 123 inactive bots and was watching another 313 suspected bots. That may not sound like a lot, but those bots were responsible for 136 million bot-related incidents, such as scanning for other hosts inside the firewall.

Google researchers recently said at least one in 10 web pages is booby-trapped with malware. Google's Ghost in the Browser study looked at over 4.5 million Web pages, and found that 10% of them were capable of activating malicious codes and 16% were suspected to contain codes that might be a threat to computers.

Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy, the FBI said.

"The majority of victims are not even aware that their computer has been compromised or their personal information exploited," said FBI Assistant Director for the Cyber Division James Finch. "An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised."

I wonder if notification will be sent to victims outside of the US. It's scary to think one in ten web pages are booby-trapped with malware. I guess I'll not surf anywhere without checking the system every day.

:(

I have actually run into this at a few people's systems that I worked on. In each case, Trend / Symantec didn't remove the infection and I had to do it manually, in a few cases their computer got re-imaged.

Nothing like doing a netstat /all and seeing about 150 lines of cable modem IP addresses!
 

rivan

Diamond Member
Jul 8, 2003
9,677
3
81
I got a chuckle out of the term 'botherder'.

Think Han Solo would take offense to being called one?
 

torpid

Lifer
Sep 14, 2003
11,631
11
76
Originally posted by: George P Burdell
Cause #1: Internet Explorer

Maybe... but firefox is vulnerable too. Just last week I got a virus (intercepted by norton fortunately) while browsing a site that had been infected in firefox.
 

slag

Lifer
Dec 14, 2000
10,473
81
101
I.E is not the cause, merely the method of transportation.

The cause of this are the people who maliciously put this out there.

 

GooeyGUI

Senior member
Aug 1, 2005
688
0
76
Originally posted by: slag
I.E is not the cause, merely the method of transportation.

The cause of this are the people who maliciously put this out there.

or in the case of a bot victim, accidentally propagates it to other locations.... other locations... other locations...