operation Bot Roast

[Eugen Leitl]

http://www.networkworld.com/community/?q=node/16193

FBI: Operation Bot Roast finds over 1 million botnet victims

Submitted by Layer 8 on Wed, 06/13/2007 - 12:09pm.

The Department of Justice and FBI today said ongoing investigations have
identified over 1 million botnet crime victims. The FBI is working with
industry partners, including the Computer Emergency Response Team
Coordination Center at Carnegie Mellon University, to notify the victim
owners of the computers. Microsoft and the Botnet Task Force have also helped
out the FBI. Through this process the FBI may uncover additional incidents in
which botnets have been used to facilitate other criminal activity, the FBI
said in a statement.

The FBI and Justice Dept. have an ongoing cyber crime initiative to disrupt
and dismantle botherders known as Operation Bot Roast. To date, the project
has nabbed:

* James C. Brewer of Arlington, Texas, is alleged to have operated a botnet
that infected Chicago area hospitals. This botnet infected tens of thousands
of computers worldwide.

* Jason Michael Downey of Covington, Kentucky, is charged with using botnets
to send a high volume of traffic to intended recipients to cause damage by
impairing the availability of such systems.

* Robert Alan Soloway of Seattle, Washington, is alleged to have used a large
botnet network and spammed tens of millions of unsolicited email messages to
advertise his website from which he offered services and products.

Bots are widely recognized as one of the top scourges of the industry.
Gartner predicts that by year-end 75% of enterprises "will be infected with
undetected, financially motivated, targeted malware that evaded traditional
perimeter and host defenses," and early reports from beta customers of a yet
to be released product from Mi5 show how nefarious these infections can be.

Mi5 says it installed a Web security beta product at an organization with
12,000 nodes and in one month detected 22 active bots, 123 inactive bots and
was watching another 313 suspected bots. That may not sound like a lot, but
those bots were responsible for 136 million bot-related incidents, such as
scanning for other hosts inside the firewall.

Google researchers recently said at least one in 10 web pages is
booby-trapped with malware. Google's Ghost in the Browser study looked at
over 4.5 million Web pages, and found that 10% of them were capable of
activating malicious codes and 16% were suspected to contain codes that might
be a threat to computers.

Most owners of the compromised computers are unknowing and unwitting victims.
They have unintentionally allowed unauthorized access and use of their
computers as a vehicle to facilitate other crimes, such as identity theft,
denial of service attacks, phishing, click fraud, and the mass distribution
of spam and spyware. Because of their widely distributed capabilities,
botnets are a growing threat to national security, the national information
infrastructure, and the economy, the FBI said.

"The majority of victims are not even aware that their computer has been
compromised or their personal information exploited," said FBI Assistant
Director for the Cyber Division James Finch. "An attacker gains control by
infecting the computer with a virus or other malicious code and the computer
continues to operate normally. Citizens can protect themselves from botnets
and the associated schemes by practicing strong computer security habits to
reduce the risk that your computer will be compromised."