Feeds

FBI logs its millionth zombie address

Come on over for a little Bot Roast

Using blade systems to cut costs and sharpen efficiencies

Federal law enforcement agents targeting botnets recently recorded a grim milestone, identifying the millionth potential zombie victim, the FBI said Wednesday.

Operation Bot Roast, as the cyber crime project has come to be known, has now logged more than 1m IP addresses belonging to a botnet. That amounts to plenty of owners, most of whom are oblivious that their Windows 98 box is a cog the sprawling machine at the heart of cyber crime.

So the FBI is working with industry partners such as the CERT Coordination Center at Carnegie Mellon University to notify victims, the agency announced in a release. We wanted to know how a notification effort of this scale might work, so we put in a call to learn more.

It turns out it there will be no mass emails or phone calls informing victims their machines are compromised. Rather, the project amounts to a campaign to educate the masses that the information security revolution starts at home.

"The vast majority of people infected don't really know their computer has been attacked and their computers are part in a wide-ranging number of criminal activities," says Shawn Henry, the deputy assistant director in the FBI's cyber division. "They've got a responsibility to take a look at their equipment and their networks and ensure that they're secure."

Botnets have emerged as the swiss army knife of online crime. They facilitate identity theft by storing huge caches of pilfered personal information. They are the launch pad for most denial of service attacks. And they are the preferred means of churning out spam, which many researchers now estimate comprises 80 percent of the email landing in our inboxes.

In the last couple of years, malware writers have made great strides in designing bots that are largely undetectable to the untrained eye. Many bot applications go through the trouble of installing any missed Windows patches so the compromised machine isn't vulnerable to competing bot herders. The result is a machine that is secretly under the control of a criminal, essentially making it a zombie.

Among the newer uses of botnets is a phishing variation known as the "Rock Phish." Traditional phishing attacks are frequently thwarted when a bank or other target manages to get a domain name registrar to revoke the URL being used by the spoof site. Rock Phish scams solve this limitation by using bots to host the fraudulent sites. When a phishing target succeeds in cutting off a bot, the fraudsters can easily tap another drone to host the bogus site.

"It's the biggest phishing threat out there right now," says Uriel Maimon, a senior research scientist at RSA. He estimates the Rock Phish method is responsible for almost half of today's phishing attacks and are being carried out by a single organized crime ring located in eastern Europe.

Joe Stewart, a senior researcher at SecureWorks, says Rock Phish attackers store a mountain of pilfered data on a central server and use bots as a kind of reverse proxy to obscure where it is located.

The term Rock Phish got its name from a now discontinued quirk in which the attackers used directory paths that contained the word "rock." The method currently targets at least 44 banks, and has proven particularly adept at keeping researchers in the dark, says Stewart.

Operation Bot Roast was created several months ago as an umbrella for the FBI's hundreds of ongoing investigations involving botnets, Henry says. Those investigations have spawned several arrests, including one in 2005 of a 20-year-old hacker who netted more than $61,000 and claimed to control more than 100,000 machines. Jeanson James Ancheta ultimately pleaded guilty and is now serving more than five years in federal prison.

More recently, other suspects of cyber crime have been nabbed as a result of the FBI's crackdown on botnets. Among them: Robert Alan Soloway, aka the Spam King, who was arrested in Seattle last month and accused of using a large botnet to send tens of millions of junk mails. The 27-year-old business man has pleaded not guilty and is awaiting trial in the case.

Two other individuals - Jason Michael Downey of Covington, Kentucky, and James C. Brewer of Arlington, Texas - have also recently been charged or arrested in connection with botnet-related crimes.

The FBI marked another significant milestone on Wednesday, announcing its Internet Crime Complaint Center, or IC3, logged its 1 millionth consumer complaint. The IC3 was established in 2000 and is a partnership between the FBI and the National White Collar Crime Center. Its mission is to provide a means for receiving, developing and referring criminal complaints related to cyber crime.

The IC3 has forwarded more than 461,000 criminal complaints, representing losses of about $647m, to federal, state or local law enforcement agencies.®

The smart choice: opportunity from uncertainty

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.