FBI Releases Results of Operation Bot Roast
coondoggie writes to tell us that the FBI has released the findings of their recent botnet study and has identified over 1 million botnet crime victims. "The FBI is working with industry partners, including the Computer Emergency Response Team Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Microsoft and the Botnet Task Force have also helped out the FBI. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity, the FBI said in a statement. Bots are widely recognized as one of the top scourges of the industry. Gartner predicts that by year-end 75% of enterprises 'will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses.'"
Skip the spammy site (Score:5, Informative)
and go straight to the source
http://www.fbi.gov/pressrel/pressrel07/botnet0613
Microsoft Windows, please stand up (Score:2, Informative)
When the monopoly is finally busted, I guess it will no longer be implicit that "We're talking about Windows, of course."
Re:And here come the phishers.... (Score:5, Informative)
There have already been tons of viral messages from these two domains over the past few years. One of the big Windows worms ("Slammer," if I recall correctly) was often mailed out with an fbi.gov From address. Forging irs.gov messages is common among phishers.
Re:Or another approach. (Score:3, Informative)
The problem is, there'll probably be too many jurisdictions involved. What happens when the controlling computer is in China, Russia, etc.?
Did you read the article? The three people cited as running massive botnets all lived in the United States.
From the FBI press release [fbi.gov] cited above: "To date, the following subjects have been charged or arrested in this operation with computer fraud and abuse in violation of Title 18 USC 1030, including:
I don't disagree that the global nature of the Internet makes investigation and prosecution of such actions difficult. But there are probably enough botnet operators here in the States to keep the FBI busy for some time to come.
Re:And here come the phishers.... (Score:4, Informative)
Re:Why not shut them down? (Score:3, Informative)
direct them to a site that they are now blocked from reaching, hmmm.
I know you would un-block that 1 site, but then hackers patch to block that 1 patch...
One got past our firewall also (email attachment actually); the ISP (Qwest) sent us an automated warning letter that we were about to get kicked. I did have it fixed before the letter was received. Imagine how difficult it is for an admin to track while all traffic is blocked, so the bot is hibernating. Since the blocking could easily cause much greater financial harm (assuming the most valuable of assets hasn't been compromised),
such as our case: it was a PC with internet access, but not VPN access to anything too important. It would have severed our VOIP to the main offices, and hampered my research into multiple options to fix the issue. Not to mention how many projects missing data would be put on hold. In my case I first got all the virus definitions up to date (also a laptop with its first day on the network in several months). So it would be impolite to block Norton, McAfee; what about ClamWin, etc., etc.? When I am not in office everything is remote admin from offsite (kill that also?)
So the first time our ISP shut down our traffic due to a burst of virus-like traffic we would be ISP shopping.
Found your problem (Score:4, Informative)
It's right here.
That's a good start. If you're going to insist on using Windows, wiping and reinstalling on a regular basis is a must. I recommend at least annually. More often if you use Yahoo search, flash games or shareware. If you use AOL or MSN and chat or IRC, you may as well boot from the Windows install CD each day.
Getting it set up the way you like it, and creating an "image" file of that setup with Symantec Ghost or something like it makes the process a lot less painful.
Or you could try actually solving the problem [ubuntu.com], but I note from your post you don't care for that answer for some non-specified reason.
If you do ecommerce from a platform you know to be insecure, don't expect everyone here to lobby for legal solutions to your technical problem.
Also, ZoneAlarm is your friend... (Score:1, Informative)