FBI Releases Results of Operation Bot Roast 189

coondoggie writes to tell us that the FBI has released the findings of their recent botnet study and have identified over 1 million botnet crime victims. "The FBI is working with industry partners, including the Computer Emergency Response Team Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Microsoft and the Botnet Task Force have also helped out the FBI. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity, the FBI said in a statement. Bots are widely recognized as one of the top scourges of the industry. Gartner predicts that by year-end 75% of enterprises 'will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses.'"
  • by QuantumG ( 50515 ) <qg@biodome.org> on Wednesday June 13, 2007 @02:03PM (#19494535) Homepage Journal
    There would be an RFC for getting an email address for an ip address and it wouldn't take an expert to figure out how to contact the right person when you see a machine doing something it shouldn't.

  • "Victims" ? (Score:2, Interesting)

    by Anonymous Coward on Wednesday June 13, 2007 @02:17PM (#19494773)
    Is the victim the person whose computer is serving spam, or the person whose computer is receiving spam?

    Who is the real victim here?
  • Re:Botnet (Score:4, Interesting)

    by Pojut ( 1027544 ) on Wednesday June 13, 2007 @02:22PM (#19494861) Homepage
    Wrong, wrong, and wrong. Get your blind hatred out of the way for a second, and you might realize that there are more than just windows boxes hooked up to the tubes.

    All the windows boxes disappear, so the bot-lovers would start targeting linux and OSX.

    Just because there isn't a very active threat against those platforms doesn't mean that one isn't possible.
  • Re:Solution (Score:3, Interesting)

    by mr100percent ( 57156 ) on Wednesday June 13, 2007 @02:24PM (#19494893) Homepage Journal
    This brings up a serious question, what would the FBI recommend to disinfect the machines? AdAware? Windows Defender? Norton?
  • by dpbsmith ( 263124 ) on Wednesday June 13, 2007 @02:29PM (#19494943) Homepage
    ...that OS/2 would be the dominant operating system by, IIRC, 1993 or thereabouts.

    I just did some Googling on things like "bad Gartner predictions" and "missed Gartner predictions" or '"Gartner predictions" scorecard' hoping that someone had tried to keep tabs on them, but found to my disappointment virtually no relevant hits. Everyone discusses them in the months after they're released, nobody seems to check back even as recently as a year.

    Of course, with predictions like these for 2002 [gartner.com]... "During 2002, leading-edge businesses will exploit application integration to generate business innovation...." how the heck would anyone ever figure out whether or not it was fulfilled?

    I can't believe people pay Gartner for this stuff.

  • by Anonymous Coward on Wednesday June 13, 2007 @02:33PM (#19495001)
    Step 1: MS makes a flawed product, even after all patches and security advisories are followed.

    Step 2: We (et al.) are unable to make the product better, due to closed source.

    MS has the only means and thus sole responsibility to improve their product.
    Therefore, the user cannot be held liable for MS flaws.

    Step 3: Sue the big red M for negligence, damages, and force them to release the source.. (not cracked yet?)

    Step 4: Profit. No, really. They will settle.
  • by twitter ( 104583 ) on Wednesday June 13, 2007 @02:39PM (#19495093) Homepage Journal

    That they are looking into the problem is a good start. Gmen reading are advised to consult with the Honeynet Project [honeynet.org] and regard vector vendor "help" with suspicion. It would also be nice to see them call a spade a spade and abandon the false OS neutrality that keeps them from doing so. This is a Windows problem and the relative risks should be published. Otherwise they are lying to us and keeping information we can all use locked away. Most importantly, though, they need to clean their own house.

  • My conspiracy theory (Score:5, Interesting)

    by A nonymous Coward ( 7548 ) * on Wednesday June 13, 2007 @03:08PM (#19495543)
    A. Everyone "knows" that the NSA is doing its utmost to listen to all internet traffic.

    B. It would do the NSA no good to listen to everything without filtering out the 99.999% which is irrelevant. Ergo, they must have pattern filters.

    C. Botnets must be a big part of the filtered traffic.

    D. NSA must be aware of botnets, their patterns, their control channels, their zombie elements.

    E. Yet botnets continue.

    F. The NSA must want them to continue unmolested.

    The NSA knows how botnets work, and could hijack them at any time. The only reason to do so is to keep them in reserve for their own use.

    I suggest the NSA would hijack botnets for counterattack if the US nets were attacked by another country.

    That's my conspiracy theory, I hope you like it.
  • by elrous0 ( 869638 ) * on Wednesday June 13, 2007 @03:12PM (#19495603)
    I thought of myself as an expert until a few months ago. I have good antivirus/malware software, only use Firefox, never do stupid things like opening attachments with executable extensions, etc. Hell, I even have a wired network in my house to protect against wardrivers.

    Then a few months back I get word from my credit card company that someone had hacked into my account online (using my username and password), changed my billing address to someplace in NJ, then proceeded to try to charge a bunch of stuff on the account (luckily the CC company caught on to them and locked it down). I couldn't figure out how they did it.

    Then a few months after that, I started to notice my computer acting strange. My router would be showing HEAVY activity even when I wasn't doing anything and Windows wasn't downloading updates. Eventually, I realized that someone must have botted my computer (still don't know exactly what they were up to, but I'm sure it involved sending out letters from an innocent Nigerian official just wanting people to help him transfer some money). That's how they got my account info for my credit card.

    Anyway. I wiped the whole system clean (even tried out Linux for a while, but didn't care for it) and now the problem is gone. But it still makes me nervous as Hell. What drives me crazy is that I can't figure out how they did it. But, as a hacker friend once said: If it's on a network, it can be hacked--period.

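The symptom described in the post above (a router showing heavy activity while the machine is idle, later attributed to a spam bot) is exactly what a small outbound-traffic check on the home router or gateway can surface. The following script is an added example for this thread, not code from the original post, the FBI or any vendor; the flow-record format, the sample records and the thresholds are all assumptions chosen for illustration. It flags a host for two independent reasons: outbound SMTP to many distinct destinations (a spam-bot signature) and a large byte volume sent during hours when the machine should be idle.

```python
"""Flag hosts whose outbound flows look like a spam bot or an idle-hours beacon.

Added example for this discussion; not from the original post or the FBI.
The record format (timestamp src_ip dst_ip dst_port bytes_out), the sample
data and the thresholds are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records (one flow per line); not real traffic.
SAMPLE_FLOWS = """\
# timestamp            src_ip        dst_ip         dst_port bytes_out
2007-06-13T03:01:12 192.168.1.10 203.0.113.5 25 4200
2007-06-13T03:01:15 192.168.1.10 203.0.113.6 25 4100
2007-06-13T03:01:19 192.168.1.10 203.0.113.7 25 4300
2007-06-13T03:01:22 192.168.1.10 203.0.113.8 25 4000
2007-06-13T03:01:30 192.168.1.10 203.0.113.9 25 4200
2007-06-13T03:01:41 192.168.1.10 203.0.113.10 25 4100
2007-06-13T03:30:00 192.168.1.10 198.51.100.7 443 600000
2007-06-13T03:45:00 192.168.1.10 198.51.100.7 443 650000
2007-06-13T14:05:10 192.168.1.20 93.184.216.34 443 50000
2007-06-13T14:06:02 192.168.1.20 203.0.113.9 25 3000
2007-06-13T02:00:00 192.168.1.30 192.168.1.2 445 200000
"""


def parse_flows(text):
    """Parse whitespace-separated flow records; skip blanks and '#' comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port), int(nbytes)))
    return records


def suspicious_hosts(records, idle_start=1, idle_end=6,
                     smtp_dst_threshold=5, idle_bytes_threshold=1_000_000):
    """Return {src_ip: [reasons]} for hosts matching either heuristic.

    idle_start/idle_end: hour range (local, half-open) when the host should be quiet.
    smtp_dst_threshold: distinct SMTP destinations that mark a host as a spam source;
    a normal client talks to one or two mail servers, a spam bot to hundreds.
    """
    smtp_dsts = defaultdict(set)   # src_ip -> set of dst_ip contacted on port 25
    idle_bytes = defaultdict(int)  # src_ip -> bytes sent inside the idle window
    for ts, src, dst, port, nbytes in records:
        if port == 25:
            smtp_dsts[src].add(dst)
        if idle_start <= ts.hour < idle_end:
            idle_bytes[src] += nbytes

    findings = {}
    for src in set(smtp_dsts) | set(idle_bytes):
        reasons = []
        if len(smtp_dsts[src]) >= smtp_dst_threshold:
            reasons.append(f"outbound SMTP to {len(smtp_dsts[src])} distinct hosts")
        if idle_bytes[src] >= idle_bytes_threshold:
            reasons.append(f"{idle_bytes[src]} bytes sent during idle window")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for host, reasons in suspicious_hosts(parse_flows(SAMPLE_FLOWS)).items():
        print(host, "->", "; ".join(reasons))
```

On the constructed sample only 192.168.1.10 is reported, for both reasons; 192.168.1.20 talks SMTP to a single mail server during the day and 192.168.1.30 moves a modest amount of data overnight, so neither trips a threshold. The idle window and byte threshold should be tuned per network (scheduled backups are the usual false positive), and the SMTP-fan-out rule is the more reliable of the two.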
  • Re:seems low (Score:3, Interesting)

    by sdnoob ( 917382 ) on Wednesday June 13, 2007 @03:18PM (#19495697)
    "over 1 million botnet crime victims."

    only 1 million victims?? i do believe there are far more than 1 million addresses in these scumbags' mailing lists. *everyone* who's gotten spam out of one of these botnets is (also) a victim... not just the poor saps who got winjacked(tm).
  • Re:Botnet (Score:2, Interesting)

    by secPM_MS ( 1081961 ) on Wednesday June 13, 2007 @03:24PM (#19495767)
    This is not a MS specific issue. An attacker can run a perfectly good botnet from a user-level compromise of an internet facing application. You don't need a system compromise. Given the difficulty of writing secure browsers and the ease with which a significant fraction of the public can be induced to click on links, there will always be a vast number of user-level compromises available. Look at the patch data for browsers, let alone OS's. Apple has been having to do more security patches than MS.

    Due to its ubiquity, MS is attacked much more than other systems, but the assumption that other systems are by default more secure is a statement of belief, not fact. How is your system configured? It makes a big difference. MS systems can be configured for many different security environments. The locked down deployments are very secure (their intended usage is Department of Defense deployments, etc). Wide open rich functionality client deployments are more functional, but less secure. The same tradeoffs exist in the Linux and BSD worlds. The current CERT and related vulnerability databases do not show that the *nix world has a clear superiority over current comparable Windows products.

    Web 2.0 is all but identical to cross-site scripting as a feature. The vulnerabilities here are so pervasive that users have virtually no way of protecting themselves if they want to have the rich web-based functionality. This is not MS specific.

  • by codepunk ( 167897 ) on Wednesday June 13, 2007 @03:43PM (#19496087)
    iptraf is the one I use most often... I doubt the 75% figure; I find it closer to 95% of the networks I have inspected are owned.
  • by Macthorpe ( 960048 ) on Wednesday June 13, 2007 @04:50PM (#19497229) Journal
    No, actually, a 'reasonable person' wouldn't conclude that when the article actually states:

    Q8 Bots
    Q8bot is a very small bot, consisting of only 926 lines of C-code. And it has one additional noteworthiness: It's written for Unix/Linux systems. It implements all common features of a bot: Dynamic updating via HTTP-downloads, various DDoS-attacks (e.g. SYN-flood and UDP-flood), execution of arbitrary commands, and many more. In the version we have captured, spreaders are missing. But presumably versions of this bot exist which also include spreaders.

    Emphasis mine.

    So these 'reasonable people' who know far more about computer security than you ever will actually assume the exact opposite of what you do. Nice try at misrepresenting the linked document though, you almost got me there.

    A paranoid person will wonder if M$ has not honeynetted honeynet themselves with bogus infected GNU/Linux machines.
    No, not even paranoia stretches that far.

    Irritating Windoze defender
    If that's a label that I apparently have to assume to tell the truth around here, then I'll take it with gusto.
  • by RedToad ( 972413 ) on Wednesday June 13, 2007 @11:43PM (#19500957)
    Having scanned through the entries in this topic, I see it has moved on from the tired old "bash Microsoft" and "extol Linux" rot. Then there are a few suggestions about how to track botnets and shut them down. The FBI 1 million infections number has been quoted as a US-centric benchmark.

    A few months back a botnet herder in Europe went down for running ONE 1.5 million seated botnet. The global botnet infection numbers are therefore in the tens to hundreds of millions of infected machines. Forget about what platform they run on. Obviously the numerical majority of infections will always be on the OS that has the most prevalence. And it will never be the same percentage for higher use as lower use OS. That's because higher use attracts a much higher level of interest by the infection writers. So let's climb down off the hackneyed hobby-horses.

    Now to come to the point - shutting down botnets.

    Does anyone imagine for one moment that none of the millions of infected machines are sitting under the watchful eyes of law enforcement, botnet tracking operations, and university labs? Who do you think first knows (after the perpetrator) when a spam-bot turns into a DDOS bot? Who thinks that nobody is watching and tracking the C&C IRC commands coming down to the watched bots?

    Catch up with reality. The FBI is working on very specific intelligence from some very intelligent researchers.
