August 15, 2007: About the
same time the American FBI revealed that it has gone out and tried to count the
number of PCs that have been taken over by criminals for use in computer crime
(as botnets for spamming, DDOS attacks to shut down web sites, etc) or Cyber
War activities (like the current Chinese attacks against U.S. military
networks), the biggest botnet ever seen was being built.
The Storm computer virus had
been spreading since early in the year, grabbing control of PCs around the
world. By August, Storm had infected nearly two million computers with a secret
program that turned those PCs into unwilling slaves (or "zombies") of those
controlling this network (or botnet) of computers. Many of you may have noticed
a lot of recent spam directing you to look at an online greeting card, or
accompanied by pdf files. That was Storm, the largest single spam campaign
ever.
Meanwhile, the FBI announced
that Operation Bot Roast had, so far, identified over a million compromised
PCs, in scores of botnets. The FBI is trying to get in touch with as many of
these computer users as possible, and direct them to organizations and
companies that can help them clean the zombie software out of their computers.
Help can be had for free, although many of the compromised PCs were found to be
clogged with all manner of malware (illegal software hidden on your machine to
feed you ads or simply track what you do).
Most owners of zombiefied
computers didn't even realize their PCs had been taken over. Some with heavily
infected machines, do notice that the malware slows down the PC, and there have
been cases where the user just went out and bought a new computer. Usually,
reformatting the hard drive and reinstalling your software works, and is a lot
cheaper. But most computer users today don't know how to reformat a hard drive,
or even get someone to do it for them.
Operation Bot Roast only
collected the IP (Internet Protocol) addresses of the compromised PCs. The IP
address is the "mailing address" every PC must have when it is connected to the
Internet. These addresses are distributed to ISPs (Internet Service Providers),
who assign them to PCs that they connect to the Internet. Anyone can go to a
site like http://www.ip-adress.com/ to find out which ISP controls which IP
address. The FBI is contacting the ISPs, and asking them to contact their
customers, preferably via the mail, who were using the infected IP addresses at
the time the FBI discovered that IP address to be operating from a zombie PC.
The FBI also identified the
operators of many botnet (networks of zombie PCs) operators, has arrested some,
and is pursuing many others. To avoid the FBI, many botherders (those who
operate botnets) are overseas, often in countries without an extradition treaty
with the United States. Criminal gangs are increasingly active in this area,
and, in the case of China, so are government Cyber War operations.
The FBI did not comment on any
Cyber War aspects of Operation Bot Roast, but they must have been substantial,
and something the FBI and CIA are busy exploiting. The FBI has been equally
silent about the Storm virus, and the enormous botnet its creators are putting
together. It appears that the Storm botnet is strictly for commercial purposes.
Notices appearing in computer criminal gathering places (password protected
chat rooms and similar sites) have announced that the Storm botnet is available
for use in spamming, or similar Internet criminal scams. The botherders know
the FBI, and dozens of other police organizations, are looking for them, and
hide behind multiple layers of electronic, and real world, deception. But given
the amount of damage a two million strong botnet could do, there is apparently
a bit of urgency in taking this crew down, and quickly.
