Slashdot Mirror


FBI Releases Results of Operation Bot Roast

coondoggie writes to tell us that the FBI has released the findings of their recent botnet study and has identified over 1 million botnet crime victims. "The FBI is working with industry partners, including the Computer Emergency Response Team Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Microsoft and the Botnet Task Force have also helped out the FBI. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity, the FBI said in a statement. Bots are widely recognized as one of the top scourges of the industry. Gartner predicts that by year-end 75% of enterprises 'will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses.'"

8 of 189 comments

  1. Skip the spammy site by Anonymous Coward · · Score: 5, Informative
  2. Microsoft Windows, please stand up by toby · · Score: 1, Informative

    It's amazing people still write headlines and article summaries without mentioning the enabling technology in question.

    When the monopoly is finally busted, I guess it will no longer be implicit that "We're talking about Windows, of course."

    --
    you had me at #!
  3. Re:And here come the phishers.... by yuna49 · · Score: 4, Informative

    It wouldn't get too far in our mail system. We don't accept mail with From addresses in fbi.gov or irs.gov unless they originate on those agencies' own servers. Mail coming from a server in rr.com claiming to be "From: fixyourcomputer@fbi.gov" is going to be dropped on the floor.

    There have already been tons of viral messages from these two domains over the past few years. One of the big Windows worms ("Slammer," if I recall correctly) was often mailed out with an fbi.gov From address. Forging irs.gov messages is common among phishers.
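
The acceptance rule described in the comment above, sketched as an added example; it is not the commenter's configuration or any mail server's own code. It assumes the MTA hands the filter a forward-confirmed reverse DNS name for the connecting server (`client_host`), and the function names and sample hostnames are made up for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# The two domains the comment names; From addresses in them are accepted
# only from the domain's own servers.
PROTECTED = ("fbi.gov", "irs.gov")

def in_domain(host, domain):
    """True if host is the domain or a subdomain of it (label-boundary match)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def verdict(client_host, raw_message):
    """Return 'reject' or 'accept' for one message.

    client_host is assumed to be the forward-confirmed reverse DNS name of
    the connecting server, supplied by the MTA, or None if it has none.
    """
    msg = message_from_string(raw_message)
    # A message may carry several From headers or several addresses in one.
    for _name, addr in getaddresses(msg.get_all("From", [])):
        sender_domain = addr.rpartition("@")[2]
        for protected in PROTECTED:
            if in_domain(sender_domain, protected) and not (
                client_host and in_domain(client_host, protected)
            ):
                return "reject"
    return "accept"

# Constructed samples: (connecting host, message). Hostnames are made up.
SAMPLES = [
    ("cpe-10-0-0-1.example.rr.com", "From: fixyourcomputer@fbi.gov\n\nhi"),
    ("mx1.fbi.gov", "From: Press Office <press@FBI.GOV>\n\nhi"),
    ("fbi.gov.example.net", "From: refunds@irs.gov\n\nhi"),
    ("host.example.net", 'From: "irs.gov" <billing@example.net>\n\nhi'),
    (None, "From: a@example.org, b@mail.irs.gov\n\nhi"),
]

def run_samples():
    return [verdict(host, raw) for host, raw in SAMPLES]

if __name__ == "__main__":
    for (host, _), result in zip(SAMPLES, run_samples()):
        print(host, "->", result)
```

The check keys on the address in the From header, so a protected domain appearing only in the display name is not matched, and a connecting host such as `fbi.gov.example.net` does not count as one of the agency's servers.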

  4. Re:Or another approach. by yuna49 · · Score: 2, Informative

    The problem is, there'll probably be too many jurisdictions involved. What happens when the controlling computer is in China, Russia, etc.?

    Did you read the article? The three people cited as running massive botnets all lived in the United States.

    From the FBI press release cited above: "To date, the following subjects have been charged or arrested in this operation with computer fraud and abuse in violation of Title 18 USC 1030, including:

    • James C. Brewer of Arlington, Texas, is alleged to have operated a botnet that infected Chicago area hospitals. This botnet infected tens of thousands of computers worldwide. (FBI Chicago);
    • Jason Michael Downey of Covington, Kentucky, is charged with an Information [sic] with using botnets to send a high volume of traffic to intended recipients to cause damage by impairing the availability of such systems. (FBI Detroit); and
    • Robert Alan Soloway of Seattle, Washington, is alleged to have used a large botnet network and spammed tens of millions of unsolicited email messages to advertise his website from which he offered services and products. (FBI Seattle)"

    I don't disagree that the global nature of the Internet makes investigation and prosecution of such actions difficult. But there are probably enough botnet operators here in the States to keep the FBI busy for some time to come.

  5. Re:And here come the phishers.... by bob_herrick · · Score: 4, Informative
    FTFA

    The FBI will not contact you online and request your personal information so be wary of fraud schemes that request this type of information, especially via unsolicited emails. To report fraudulent activity or financial scams, contact the nearest FBI office or police department, and file a complaint online with the Internet Crime Complaint Center, www.ic3.gov.
  6. Re:Why not shut them down? by Dare+nMc · · Score: 2, Informative

    direct all web traffic to a page with information on how the customer can clean his machine

    direct them to a site that they are now blocked from reaching, hmmm.
    I know you would un-block that 1 site, but then hackers patch to block that 1 patch...

    One got past our firewall also (email attachment, actually); the ISP (Qwest) sent us an automated warning letter that we were about to get kicked. I did have it fixed before the letter was received. Imagine how difficult for an admin to track while all traffic is blocked, so the bot is hibernating. Since the blocking could easily cause much greater financial harm (assuming the most valuable of assets hasn't been compromised).

    Such as our case, it was a PC with internet access, but not VPN access to anything too important. It would have severed our VoIP to the main offices, and hampered my research into multiple options to fix the issue. Not to mention how many projects missing data would be put on hold. In my case I first got all the virus definitions up to date (also a laptop with its first day on the network in several months). So it would be impolite to block Norton, McAfee, what about ClamWin, etc., etc.? When I am not in office everything is remote admin from offsite (kill that also?)

    So the first time our ISP shut down our traffic due to a burst of virus-like traffic we would be ISP shopping.

  7. Found your problem by symbolset · · Score: 3, Informative

    ... and Windows wasn't ...

    It's right here.

    ... I wiped the whole system clean ...

    That's a good start. If you're going to insist on using Windows, wiping and reinstalling on a regular basis is a must. I recommend at least annually. More often if you use Yahoo search, flash games or shareware. If you use AOL or MSN and chat or IRC, you may as well boot from the Windows install CD each day.

    Getting it set up the way you like it, and creating an "image" file of that setup with Symantec Ghost or something like it makes the process a lot less painful.

    Or you could try actually solving the problem, but I note from your post you don't care for that answer for some non-specified reason.

    If you do ecommerce from a platform you know to be insecure, don't expect everyone here to lobby for legal solutions to your technical problem.

    --
    Help stamp out iliturcy.
  8. Also, ZoneAlarm is your friend... by Anonymous Coward · · Score: 1, Informative

    ...and the basic version is FREE (as in beer) too. It's pretty damned good at stopping malwares from sending network packets from your Winblows PC to the outside world.