Slashdot Mirror


FBI Releases Results of Operation Bot Roast

coondoggie writes to tell us that the FBI has released the findings of their recent botnet study and has identified over 1 million botnet crime victims. "The FBI is working with industry partners, including the Computer Emergency Response Team Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Microsoft and the Botnet Task Force have also helped out the FBI. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity, the FBI said in a statement. Bots are widely recognized as one of the top scourges of the industry. Gartner predicts that by year-end 75% of enterprises 'will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses.'"

13 of 189 comments

  1. Skip the spammy site by Anonymous Coward · · Score: 5, Informative
  2. Why not shut them down? by DamonHD · · Score: 4, Insightful

    I would have thought that a nice call from the FBI to the CxOs of the main appropriate ISPs and a selection of those users on the fastest connections (ie with the most capacity to be damaging) would have a salutary effect.

    And then a follow up with negligence-related charges for those who refused to give a f**k maybe?

    Rgds

    Damon

    --
    http://m.earth.org.uk/
  3. And here come the phishers.... by HTH+NE1 · · Score: 4, Insightful

    Anyone else think this will start a new wave of phishing where botnet controllers send e-mail messages out forged as coming from FBI.gov to people telling them their machines are infected with bots (linking to the URL in parent) and that they need to install the program attached to the e-mail that is claimed to remove the offending software but in fact turns your machine into another zombie?

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    1. Re:And here come the phishers.... by yuna49 · · Score: 4, Informative

      It wouldn't get too far in our mail system. We don't accept mail with From addresses in fbi.gov or irs.gov unless they originate on those agencies' own servers. Mail coming from a server in rr.com claiming to be "From: fixyourcomputer@fbi.gov" is going to be dropped on the floor.

      There have already been tons of viral messages from these two domains over the past few years. One of the big Windows worms ("Slammer," if I recall correctly) was often mailed out with an fbi.gov From address. Forging irs.gov messages is common among phishers.
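
The filtering rule yuna49 describes, sketched as an added example (not part of the original comment and not that mail system's actual configuration). It assumes the MTA supplies a forward-confirmed reverse-DNS name for the connecting host; `check_message`, `in_domain` and the sample hostnames and messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Domains named in the comment: mail "From" them is accepted only from their own hosts.
PROTECTED_DOMAINS = ("fbi.gov", "irs.gov")


def in_domain(host, domain):
    """True if host is the domain itself or a subdomain (case-insensitive)."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_message(client_rdns, raw_message):
    """Return (verdict, reason) for one message.

    client_rdns is assumed to be the connecting server's hostname, already
    forward-confirmed by the MTA; None or "" means no verified name.
    """
    msg = message_from_string(raw_message)
    for _name, addr in getaddresses(msg.get_all("From", [])):
        sender_domain = addr.rpartition("@")[2]
        for protected in PROTECTED_DOMAINS:
            if in_domain(sender_domain, protected) and not in_domain(client_rdns, protected):
                return "reject", f"From <{addr}> but sent by {client_rdns or 'unknown host'}"
    return "accept", "no protected From domain, or sent by that domain's own host"


# Constructed sample messages and hostnames (not real mail or real servers).
FORGED = "From: FBI <fixyourcomputer@fbi.gov>\nSubject: Remove the bot\n\nSee attachment.\n"
UPPER = "From: refunds@IRS.GOV\nSubject: Refund\n\nClick here.\n"
LOOKALIKE = "From: agent@fbi.gov.example.net\nSubject: Hi\n\nHello.\n"

if __name__ == "__main__":
    for host, raw in [("cpe-10-0-0-1.rr.com", FORGED), ("mail.fbi.gov", FORGED),
                      (None, UPPER), ("cpe-10-0-0-1.rr.com", LOOKALIKE)]:
        print(host, check_message(host, raw))
```

The verdict is only as trustworthy as `client_rdns`: an unverified PTR record can claim any name, so the hostname must be forward-confirmed before it reaches this check.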

    2. Re:And here come the phishers.... by bob_herrick · · Score: 4, Informative
      FTFA

      The FBI will not contact you online and request your personal information so be wary of fraud schemes that request this type of information, especially via unsolicited emails. To report fraudulent activity or financial scams, contact the nearest FBI office or police department, and file a complaint online with the Internet Crime Complaint Center, www.ic3.gov.
  4. Solution by LoyalOpposition · · Score: 4, Funny

    Dear Computer Owner,

    Your computer has been determined to be infected by a malicious program that gives control to another person. Please double-click on the link to find out how to get your computer disinfected.

    FBI

    No. Really.

    --
    I aim to misbehave.
    1. Re:Solution by Novotny · · Score: 5, Funny

      Where's the link? How can I click it if there's no link?

  5. Re:Botnet by DragonWriter · · Score: 4, Insightful

    Botnets were never a problem until Microsoft Windows became ubiquitous.


    Windows was ubiquitous long before botnets became a problem.

    Botnets became a problem as full-time internet access by unsophisticated home users became more ubiquitous, and Windows was the primary target because it was the main OS used by the targeted users. If there had been a Mac OS or Linux monoculture instead, people would have been tricked into installing malicious software on those platforms instead.
  6. Re:It's good to see the FBI getting a clue. by dedazo · · Score: 4, Insightful

    This is a Windows problem and the relative risks should be published.

    I don't know what "the relative risks" means, but since none of my Windows machines are in a botnet, and there are millions and millions of them that are not, this is not a Windows problem. It's a basic user education problem. Windows may have more attack vectors than other OSes, but that doesn't mean they are not known or are impossible to avoid. Simple common sense goes a long way. People get infected with botware because they download things they shouldn't or don't bother to keep their machines up to date by turning on automatic updates so they don't have to worry about anything.

    If you think one chmod +x is an insurmountable obstacle to turning your shiny Linux or OS X box into a bot, remember that people get infected by executables in password protected ZIP files and that all of the most massively distributed worms have all required significant user intervention to propagate. Maybe one of these days you'll inherit 800 million completely clueless users, and maybe then you'll call it a "Linux problem"?

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  7. My conspiracy theory by A+nonymous+Coward · · Score: 4, Interesting

    A. Everyone "knows" that the NSA is doing its utmost to listen to all internet traffic.

    B. It would do the NSA no good to listen to everything without filtering out the 99.999% which is irrelevant. Ergo, they must have pattern filters.

    C. Botnets must be a big part of the filtered traffic.

    D. NSA must be aware of botnets, their patterns, their control channels, their zombie elements.

    E. Yet botnets continue.

    F. The NSA must want them to continue unmolested.

    The NSA knows how botnets work, and could hijack them at any time. The only reason to do so is to keep them in reserve for their own use.

    I suggest the NSA would hijack botnets for counterattack if the US nets were attacked by another country.

    That's my conspiracy theory, I hope you like it.

  8. I thought I knew what I was doing too by elrous0 · · Score: 4, Interesting
    I thought of myself as an expert until a few months ago. I have good antivirus/malware software, only use Firefox, never do stupid things like opening attachments with executable extensions, etc. Hell, I even have a wired network in my house to protect against wardrivers.

    Then a few months back I get word from my credit card company that someone had hacked into my account online (using my username and password), changed my billing address to someplace in NJ, then proceeded to try to charge a bunch of stuff on the account (luckily the CC company caught on to them and locked it down). I couldn't figure out how they did it.

    Then a few months after that, I started to notice my computer acting strange. My router would be showing HEAVY activity even when I wasn't doing anything and Windows wasn't downloading updates. Eventually, I realized that someone must have botted my computer (still don't know exactly what they were up to, but I'm sure it involved sending out letters from an innocent Nigerian official just wanting people to help him transfer some money). That's how they got my account info for my credit card.

    Anyway. I wiped the whole system clean (even tried out Linux for a while, but didn't care for it) and now the problem is gone. But it still makes me nervous as Hell. What drives me crazy is that I can't figure out how they did it. But, as a hacker friend once said: If it's on a network, it can be hacked--period.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:I thought I knew what I was doing too by PitaBred · · Score: 5, Funny

      Oohh, oooh, analogy time!

      "I accidentally got my girlfriend pregnant by pulling out too late. After giving the kid up for adoption, we tried using a condom, but I didn't care for it, so now I'm back to pulling out, and hoping she doesn't get pregnant, because I really don't know what happened the first time."

  9. Are They Allowed To Do This? by Bob9113 · · Score: 4, Funny

    Is the FBI allowed to do this? Did they get special dispensation from the RIAA and MPAA to work on a project that appears to be completely unrelated to copyright infringement?