Feeds

FBI logs its millionth zombie address

Come on over for a little Bot Roast

Internet Security Threat Report 2014

Federal law enforcement agents targeting botnets recently recorded a grim milestone, identifying the millionth potential zombie victim, the FBI said Wednesday.

Operation Bot Roast, as the cyber crime project has come to be known, has now logged more than 1m IP addresses belonging to a botnet. That amounts to plenty of owners, most of whom are oblivious that their Windows 98 box is a cog the sprawling machine at the heart of cyber crime.

So the FBI is working with industry partners such as the CERT Coordination Center at Carnegie Mellon University to notify victims, the agency announced in a release. We wanted to know how a notification effort of this scale might work, so we put in a call to learn more.

It turns out it there will be no mass emails or phone calls informing victims their machines are compromised. Rather, the project amounts to a campaign to educate the masses that the information security revolution starts at home.

"The vast majority of people infected don't really know their computer has been attacked and their computers are part in a wide-ranging number of criminal activities," says Shawn Henry, the deputy assistant director in the FBI's cyber division. "They've got a responsibility to take a look at their equipment and their networks and ensure that they're secure."

Botnets have emerged as the swiss army knife of online crime. They facilitate identity theft by storing huge caches of pilfered personal information. They are the launch pad for most denial of service attacks. And they are the preferred means of churning out spam, which many researchers now estimate comprises 80 percent of the email landing in our inboxes.

In the last couple of years, malware writers have made great strides in designing bots that are largely undetectable to the untrained eye. Many bot applications go through the trouble of installing any missed Windows patches so the compromised machine isn't vulnerable to competing bot herders. The result is a machine that is secretly under the control of a criminal, essentially making it a zombie.

Among the newer uses of botnets is a phishing variation known as the "Rock Phish." Traditional phishing attacks are frequently thwarted when a bank or other target manages to get a domain name registrar to revoke the URL being used by the spoof site. Rock Phish scams solve this limitation by using bots to host the fraudulent sites. When a phishing target succeeds in cutting off a bot, the fraudsters can easily tap another drone to host the bogus site.

"It's the biggest phishing threat out there right now," says Uriel Maimon, a senior research scientist at RSA. He estimates the Rock Phish method is responsible for almost half of today's phishing attacks and are being carried out by a single organized crime ring located in eastern Europe.

Joe Stewart, a senior researcher at SecureWorks, says Rock Phish attackers store a mountain of pilfered data on a central server and use bots as a kind of reverse proxy to obscure where it is located.

The term Rock Phish got its name from a now discontinued quirk in which the attackers used directory paths that contained the word "rock." The method currently targets at least 44 banks, and has proven particularly adept at keeping researchers in the dark, says Stewart.

Operation Bot Roast was created several months ago as an umbrella for the FBI's hundreds of ongoing investigations involving botnets, Henry says. Those investigations have spawned several arrests, including one in 2005 of a 20-year-old hacker who netted more than $61,000 and claimed to control more than 100,000 machines. Jeanson James Ancheta ultimately pleaded guilty and is now serving more than five years in federal prison.

More recently, other suspects of cyber crime have been nabbed as a result of the FBI's crackdown on botnets. Among them: Robert Alan Soloway, aka the Spam King, who was arrested in Seattle last month and accused of using a large botnet to send tens of millions of junk mails. The 27-year-old business man has pleaded not guilty and is awaiting trial in the case.

Two other individuals - Jason Michael Downey of Covington, Kentucky, and James C. Brewer of Arlington, Texas - have also recently been charged or arrested in connection with botnet-related crimes.

The FBI marked another significant milestone on Wednesday, announcing its Internet Crime Complaint Center, or IC3, logged its 1 millionth consumer complaint. The IC3 was established in 2000 and is a partnership between the FBI and the National White Collar Crime Center. Its mission is to provide a means for receiving, developing and referring criminal complaints related to cyber crime.

The IC3 has forwarded more than 461,000 criminal complaints, representing losses of about $647m, to federal, state or local law enforcement agencies.®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.