FBI's "Operation Bot Roast II" Identifies and Captures Eight Individuals Responsible for Infecting over 1 Million Compromised Computers

On November 29, 2007, the FBI announced the results of the second phase of its continuing investigation into a growing and serious problem involving criminal use of botnets. Since Operation 'Bot Roast' was announced last June, eight individuals have been indicted, pled guilty, or been sentenced for crimes related to botnet activity. Additionally, thirteen search warrants were served in the U.S. and by overseas law enforcement partners in connection with this operation. Though damage is still being assessed, it is anticipated that there will be more than $20 million in economic loss and more than one million victim computers linked to Bot Roast II.

The term "botnet" is derived from the idea of a "robot network." In the context of botnets, bots refer to computers that can be controlled by one, or many, outside sources. An attacker usually gains control by infecting the computers with a virus or other malicious code. In many cases, the computers continue to operate normally, and the owners remain unaware that their computers have been compromised. The compromised systems are controlled remotely through a command and control channel where the botnet's originator, sometimes called the "bot herder," can operate and unite them with other infected systems to increase their effectiveness and redundancy. Some estimates suggest that botnets are responsible for the majority of all spam sent and are often the culprits behind phishing, Trojan, and worm activity. Botnets are frequently used to steal password and login data, bank account information, and other sensitive business and personal data.

The FBI is working with industry partners to notify the infected victims. The FBI will not contact victims online and request personal information, so handle those types of requests cautiously because they could be part of a malicious phishing scheme attempting to exploit this issue. Instead, users who suspect they have been compromised should first call their Internet Service Provider or a trained computer professional. The trained professionals will be able to determine if your system has been compromised and take the necessary steps to sanitize your computer. In addition, users should consider filing a complaint with the Internet Crime Complaint Center to alert authorities to any cyber crime violations.

As the FBI's investigation continues to unfold, US-CERT reminds users of the following security best practices, which can also be found in the cyber security tip Understanding Hidden Threats: Rootkits and Botnets:

  • Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage (see Understanding Anti-Virus Software for more information). Because attackers are continually writing new viruses, it is important to keep your definitions up to date. Some anti-virus vendors also offer anti-rootkit software.
  • Install a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer and limiting the traffic you send (see Understanding Firewalls for more information). Some operating systems actually include a firewall, but you need to make sure it is enabled.
  • Use good passwords - Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices (see Choosing and Protecting Passwords for more information). Do not choose options that allow your computer to remember your passwords.
  • Keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.
  • Follow good security practices - Take appropriate precautions when using email and web browsers to reduce the risk that your actions will trigger an infection (see other US-CERT security tips for more information).

US-CERT works closely with the FBI to investigate and identify cyber criminals and threats. This collaboration is integral to defending America's Internet infrastructure. US-CERT and the FBI will continue to monitor this activity and provide updates as needed.

For more information or to view the press release in full, visit http://www.fbi.gov/page2/nov07/botnet112907.html.