FBI's "Operation Bot Roast II" Identifies and Captures Eight
Individuals Responsible for Infecting over 1 Million Compromised
Computers
On November 29, 2007, the FBI announced
the results of the second phase of its continuing investigation into a
growing and serious problem involving criminal use of botnets. Since
Operation 'Bot Roast' was announced last June, eight individuals have
been indicted, pled guilty, or been sentenced for crimes related to
botnet activity. Additionally, thirteen search warrants were served
in the U.S. and by overseas law enforcement partners in connection
with this operation. Though damage is still being assessed, it is
anticipated that there will be more than $20 million in economic loss
and more than one million victim computers linked to Bot Roast II.
The term "botnet" is derived from the idea of a "robot
network." In the context of botnets, bots refer to computers that
can be controlled by one, or many, outside sources. An attacker
usually gains control by infecting the computers with a virus or other
malicious code. In many cases, the computers continue to operate
normally, and the owners remain unaware that their computers have been
compromised. The compromised systems are controlled remotely through a
command and control channel where the botnet's originator, sometimes
called the "bot herder," can operate and unite them with other
infected systems to increase their effectiveness and redundancy. Some
estimates suggest that botnets are responsible for the majority of all
spam sent and are often the culprits behind phishing, Trojan, and worm
activity. Botnets are frequently used to steal password and login
data, bank account information, and other sensitive business and
personal data.
The FBI is working with industry partners to notify the infected
victims. The FBI will not contact victims online and request personal
information, so handle those types of requests cautiously because they
could be part of a malicious phishing scheme attempting to exploit
this issue. Instead, users who suspect they have been compromised
should first call their Internet Service Provider or a trained
computer professional. The trained professionals will be able to
determine if your system has been compromised and take the necessary
steps to sanitize your computer. In addition, users should consider
filing a complaint with the Internet
Crime Complaint Center to alert authorities of any cyber crime
violations.
As their investigation continues to unfold, US-CERT reminds users
of the following security best practices, which can also be found in
the cyber security tip Understanding
Hidden Threats: Rootkits and Botnets:
- Use and maintain anti-virus software - Anti-virus software
recognizes and protects your computer against most known viruses, so
you may be able to detect and remove the virus before it can do any
damage (see Understanding
Anti-Virus Software for more information). Because attackers are
continually writing new viruses, it is important to keep your
definitions up to date. Some anti-virus vendors also offer
anti-rootkit software.
- Install a firewall - Firewalls may be able to prevent
some types of infection by blocking malicious traffic before it can
enter your computer and limiting the traffic you send (see Understanding
Firewalls for more information). Some operating systems actually
include a firewall, but you need to make sure it is enabled.
- Use good passwords - Select passwords that will be
difficult for attackers to guess, and use different passwords for
different programs and devices (see Choosing and
Protecting Passwords for more information). Do not choose options
that allow your computer to remember your passwords.
- Keep software up to date - Install software patches so
that attackers can't take advantage of known problems or
vulnerabilities (see Understanding
Patches for more information). Many operating systems offer
automatic updates. If this option is available, you should enable
it.
- Follow good security practices - Take appropriate
precautions when using email and web browsers to reduce the risk that
your actions will trigger an infection (see other US-CERT security
tips for more information).
US-CERT works closely with the FBI to investigate and identify
cyber criminals and threats. This collaboration is integral in
defending America's Internet infrastructure. US-CERT and the FBI will
continue to monitor this activity and provide updates as needed.
For more information or to view the press release in full, visit http://www.fbi.gov/page2/nov07/botnet112907.html.