Feeds

FBI logs its millionth zombie address

Come on over for a little Bot Roast

Security for virtualized datacentres

Federal law enforcement agents targeting botnets recently recorded a grim milestone, identifying the millionth potential zombie victim, the FBI said Wednesday.

Operation Bot Roast, as the cyber crime project has come to be known, has now logged more than 1m IP addresses belonging to a botnet. That amounts to plenty of owners, most of whom are oblivious that their Windows 98 box is a cog the sprawling machine at the heart of cyber crime.

So the FBI is working with industry partners such as the CERT Coordination Center at Carnegie Mellon University to notify victims, the agency announced in a release. We wanted to know how a notification effort of this scale might work, so we put in a call to learn more.

It turns out it there will be no mass emails or phone calls informing victims their machines are compromised. Rather, the project amounts to a campaign to educate the masses that the information security revolution starts at home.

"The vast majority of people infected don't really know their computer has been attacked and their computers are part in a wide-ranging number of criminal activities," says Shawn Henry, the deputy assistant director in the FBI's cyber division. "They've got a responsibility to take a look at their equipment and their networks and ensure that they're secure."

Botnets have emerged as the swiss army knife of online crime. They facilitate identity theft by storing huge caches of pilfered personal information. They are the launch pad for most denial of service attacks. And they are the preferred means of churning out spam, which many researchers now estimate comprises 80 percent of the email landing in our inboxes.

In the last couple of years, malware writers have made great strides in designing bots that are largely undetectable to the untrained eye. Many bot applications go through the trouble of installing any missed Windows patches so the compromised machine isn't vulnerable to competing bot herders. The result is a machine that is secretly under the control of a criminal, essentially making it a zombie.

Among the newer uses of botnets is a phishing variation known as the "Rock Phish." Traditional phishing attacks are frequently thwarted when a bank or other target manages to get a domain name registrar to revoke the URL being used by the spoof site. Rock Phish scams solve this limitation by using bots to host the fraudulent sites. When a phishing target succeeds in cutting off a bot, the fraudsters can easily tap another drone to host the bogus site.

"It's the biggest phishing threat out there right now," says Uriel Maimon, a senior research scientist at RSA. He estimates the Rock Phish method is responsible for almost half of today's phishing attacks and are being carried out by a single organized crime ring located in eastern Europe.

Joe Stewart, a senior researcher at SecureWorks, says Rock Phish attackers store a mountain of pilfered data on a central server and use bots as a kind of reverse proxy to obscure where it is located.

The term Rock Phish got its name from a now discontinued quirk in which the attackers used directory paths that contained the word "rock." The method currently targets at least 44 banks, and has proven particularly adept at keeping researchers in the dark, says Stewart.

Operation Bot Roast was created several months ago as an umbrella for the FBI's hundreds of ongoing investigations involving botnets, Henry says. Those investigations have spawned several arrests, including one in 2005 of a 20-year-old hacker who netted more than $61,000 and claimed to control more than 100,000 machines. Jeanson James Ancheta ultimately pleaded guilty and is now serving more than five years in federal prison.

More recently, other suspects of cyber crime have been nabbed as a result of the FBI's crackdown on botnets. Among them: Robert Alan Soloway, aka the Spam King, who was arrested in Seattle last month and accused of using a large botnet to send tens of millions of junk mails. The 27-year-old business man has pleaded not guilty and is awaiting trial in the case.

Two other individuals - Jason Michael Downey of Covington, Kentucky, and James C. Brewer of Arlington, Texas - have also recently been charged or arrested in connection with botnet-related crimes.

The FBI marked another significant milestone on Wednesday, announcing its Internet Crime Complaint Center, or IC3, logged its 1 millionth consumer complaint. The IC3 was established in 2000 and is a partnership between the FBI and the National White Collar Crime Center. Its mission is to provide a means for receiving, developing and referring criminal complaints related to cyber crime.

The IC3 has forwarded more than 461,000 criminal complaints, representing losses of about $647m, to federal, state or local law enforcement agencies.®

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.