Feeds

FBI logs its millionth zombie address

Come on over for a little Bot Roast

The Power of One eBook: Top reasons to choose HP BladeSystem

Federal law enforcement agents targeting botnets recently recorded a grim milestone, identifying the millionth potential zombie victim, the FBI said Wednesday.

Operation Bot Roast, as the cyber crime project has come to be known, has now logged more than 1m IP addresses belonging to a botnet. That amounts to plenty of owners, most of whom are oblivious that their Windows 98 box is a cog the sprawling machine at the heart of cyber crime.

So the FBI is working with industry partners such as the CERT Coordination Center at Carnegie Mellon University to notify victims, the agency announced in a release. We wanted to know how a notification effort of this scale might work, so we put in a call to learn more.

It turns out it there will be no mass emails or phone calls informing victims their machines are compromised. Rather, the project amounts to a campaign to educate the masses that the information security revolution starts at home.

"The vast majority of people infected don't really know their computer has been attacked and their computers are part in a wide-ranging number of criminal activities," says Shawn Henry, the deputy assistant director in the FBI's cyber division. "They've got a responsibility to take a look at their equipment and their networks and ensure that they're secure."

Botnets have emerged as the swiss army knife of online crime. They facilitate identity theft by storing huge caches of pilfered personal information. They are the launch pad for most denial of service attacks. And they are the preferred means of churning out spam, which many researchers now estimate comprises 80 percent of the email landing in our inboxes.

In the last couple of years, malware writers have made great strides in designing bots that are largely undetectable to the untrained eye. Many bot applications go through the trouble of installing any missed Windows patches so the compromised machine isn't vulnerable to competing bot herders. The result is a machine that is secretly under the control of a criminal, essentially making it a zombie.

Among the newer uses of botnets is a phishing variation known as the "Rock Phish." Traditional phishing attacks are frequently thwarted when a bank or other target manages to get a domain name registrar to revoke the URL being used by the spoof site. Rock Phish scams solve this limitation by using bots to host the fraudulent sites. When a phishing target succeeds in cutting off a bot, the fraudsters can easily tap another drone to host the bogus site.

"It's the biggest phishing threat out there right now," says Uriel Maimon, a senior research scientist at RSA. He estimates the Rock Phish method is responsible for almost half of today's phishing attacks and are being carried out by a single organized crime ring located in eastern Europe.

Joe Stewart, a senior researcher at SecureWorks, says Rock Phish attackers store a mountain of pilfered data on a central server and use bots as a kind of reverse proxy to obscure where it is located.

The term Rock Phish got its name from a now discontinued quirk in which the attackers used directory paths that contained the word "rock." The method currently targets at least 44 banks, and has proven particularly adept at keeping researchers in the dark, says Stewart.

Operation Bot Roast was created several months ago as an umbrella for the FBI's hundreds of ongoing investigations involving botnets, Henry says. Those investigations have spawned several arrests, including one in 2005 of a 20-year-old hacker who netted more than $61,000 and claimed to control more than 100,000 machines. Jeanson James Ancheta ultimately pleaded guilty and is now serving more than five years in federal prison.

More recently, other suspects of cyber crime have been nabbed as a result of the FBI's crackdown on botnets. Among them: Robert Alan Soloway, aka the Spam King, who was arrested in Seattle last month and accused of using a large botnet to send tens of millions of junk mails. The 27-year-old business man has pleaded not guilty and is awaiting trial in the case.

Two other individuals - Jason Michael Downey of Covington, Kentucky, and James C. Brewer of Arlington, Texas - have also recently been charged or arrested in connection with botnet-related crimes.

The FBI marked another significant milestone on Wednesday, announcing its Internet Crime Complaint Center, or IC3, logged its 1 millionth consumer complaint. The IC3 was established in 2000 and is a partnership between the FBI and the National White Collar Crime Center. Its mission is to provide a means for receiving, developing and referring criminal complaints related to cyber crime.

The IC3 has forwarded more than 461,000 criminal complaints, representing losses of about $647m, to federal, state or local law enforcement agencies.®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.