Slashdot Mirror


FBI Releases Results of Operation Bot Roast

coondoggie writes to tell us that the FBI has released the findings of its recent botnet study and has identified over 1 million botnet crime victims. "The FBI is working with industry partners, including the Computer Emergency Response Team Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Microsoft and the Botnet Task Force have also helped out the FBI. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity, the FBI said in a statement. Bots are widely recognized as one of the top scourges of the industry. Gartner predicts that by year-end 75% of enterprises 'will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses.'"

5 of 189 comments

  1. Why not shut them down? by DamonHD · Score: 4, Insightful

    I would have thought that a nice call from the FBI to the CxOs of the main appropriate ISPs and a selection of those users on the fastest connections (i.e. with the most capacity to be damaging) would have a salutary effect.

    And then a follow-up with negligence-related charges for those who refused to give a f**k maybe?

    Rgds

    Damon

    --
    http://m.earth.org.uk/
  2. And here come the phishers.... by HTH+NE1 · Score: 4, Insightful

    Anyone else think this will start a new wave of phishing where botnet controllers send e-mail messages out forged as coming from FBI.gov to people telling them their machines are infected with bots (linking to the URL in parent) and that they need to install the program attached to the e-mail that is claimed to remove the offending software but in fact turns your machine into another zombie?

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  3. Re:Botnet by DragonWriter · Score: 4, Insightful

    Botnets were never a problem until Microsoft Windows became ubiquitous.


    Windows was ubiquitous long before botnets became a problem.

    Botnets became a problem as full-time internet access by unsophisticated home users became more ubiquitous, and Windows was the primary target because it was the main OS used by the targeted users. If there had been a Mac OS or Linux monoculture instead, people would have been tricked into installing malicious software on those platforms instead.
  4. Re:It's good to see the FBI getting a clue. by dedazo · Score: 4, Insightful

    This is a Windows problem and the relative risks should be published.

    I don't know what "the relative risks" means, but since none of my Windows machines are in a botnet, and there are millions and millions of them that are not, this is not a Windows problem. It's a basic user education problem. Windows may have more attack vectors than other OSes, but that doesn't mean they are not known or are impossible to avoid. Simple common sense goes a long way. People get infected with botware because they download things they shouldn't or don't bother to keep their machines up to date by turning on automatic updates so they don't have to worry about anything.

    If you think one chmod +x is an insurmountable obstacle to turning your shiny Linux or OS X box into a bot, remember that people get infected by executables in password protected ZIP files and that all of the most massively distributed worms have all required significant user intervention to propagate. Maybe one of these days you'll inherit 800 million completely clueless users, and maybe then you'll call it a "Linux problem"?

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  5. Think globally, act locally. by khasim · Score: 3, Insightful

    The problem is, there'll probably be too many jurisdictions involved.

    And ... ?

    There isn't any way to shut down all of the zombies. But our government CAN act to shut down the zombies here.

    What happens when the controlling computer is in China, Russia, etc.? Even if you do get the foreign government to cooperate and the controlling ISP, how do you know when it ends?

    First off, there is NOTHING stopping our FBI from contacting law enforcement agencies in Russia or China. They may not help, but then again, they may help.

    Then, you track the traffic back from that machine. And from the next machine. And from the next machine.

    How do you really know that computer isn't compromised and being controlled from elsewhere?

    Simple. The commands have to come from somewhere. You can monitor all inbound and outbound connections. That will tell you what machines that machine is communicating with. You just keep checking each of those to see whether the trail continues or ends.

    And even if you do finally nail one guy running a botnet, how many others will take his place?

    A lot. So?

    Do we stop arresting criminals just because other criminals will perform the same crimes?

    It's not like they'll be arresting guys day after day... this would take months or even years of investigation to properly prosecute a person.

    Not really. There's no reason why it would take more than a week. If the zombies are not receiving commands, then they're not sending spam or doing DDoS attacks. In which case, the problem is already solved.

    If they are receiving commands, then you've just gotten another link. Maybe more than one link.

    In the meantime, the ISPs are limiting the damage caused by those zombies.
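
The trace-back that the last comment describes (monitor a machine's connections, then check each peer in turn to see whether the trail continues or ends) can be sketched as follows. This is an added example, not part of any comment in the thread; the flow records, addresses, monitored set and the use of port 6667 as the control channel are all constructed assumptions.

```python
from collections import defaultdict

CONTROL_PORT = 6667  # assumption: control sessions use this port

# Constructed flow records: "src dst dport", one per observed connection.
FLOWS = """\
192.0.2.10 198.51.100.5 6667
192.0.2.10 203.0.113.80 80
192.0.2.11 198.51.100.5 6667
198.51.100.5 203.0.113.7 6667
198.51.100.5 192.0.2.53 53
203.0.113.7 198.51.100.99 6667
"""

# Hosts whose connections can actually be monitored (constructed).
MONITORED = {"192.0.2.10", "192.0.2.11", "198.51.100.5", "203.0.113.7"}

def upstream_map(flow_text, port=CONTROL_PORT):
    """Map each host to the peers it contacted on the control port."""
    ups = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed records
        src, dst, dport = parts[0], parts[1], int(parts[2])
        if dport == port:
            ups[src].add(dst)
    return ups

def trace(start, flow_text, monitored):
    """Follow the control trail from `start`; return (trail, findings)."""
    ups = upstream_map(flow_text)
    trail, findings, seen, queue = [], {}, {start}, [start]
    while queue:
        host = queue.pop(0)
        trail.append(host)
        if host not in monitored:
            findings[host] = "not monitored: needs ISP or foreign cooperation"
            continue
        if not ups[host]:
            findings[host] = "trail ends here"
            continue
        for peer in sorted(ups[host]):
            if peer not in seen:  # guard against loops between relays
                seen.add(peer)
                queue.append(peer)
    return trail, findings
```

With the sample data the trail runs through two relays and stops at a host outside the monitored set, which is the point where the jurisdiction question raised in the thread applies.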