
FBI Releases Results of Operation Bot Roast

ScuttleMonkey posted more than 7 years ago | from the notification-flagged-as-spam-and-deleted dept.

Security 189

coondoggie writes to tell us that the FBI has released the findings of their recent botnet study and have identified over 1 million botnet crime victims. "The FBI is working with industry partners, including the Computer Emergency Response Team Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Microsoft and the Botnet Task Force have also helped out the FBI. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity, the FBI said in a statement. Bots are widely recognized as one of the top scourges of the industry. Gartner predicts that by year-end 75% of enterprises 'will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses.'"


189 comments


Skip the spammy site (5, Informative)

Anonymous Coward | more than 7 years ago | (#19494457)


and go straight to the source
http://www.fbi.gov/pressrel/pressrel07/botnet061307.htm [fbi.gov]

Re:Skip the spammy site (2, Funny)

easyTree (1042254) | more than 7 years ago | (#19494605)

The majority of victims are not even aware that their computer has been compromised or their personal information exploited,
Indeedy, I seem to recall, a while back, 'hearing' of someone running an xdcc server on an fbi box..

And here come the phishers.... (4, Insightful)

HTH NE1 (675604) | more than 7 years ago | (#19494641)

Anyone else think this will start a new wave of phishing where botnet controllers send e-mail messages out forged as coming from FBI.gov to people telling them their machines are infected with bots (linking to the URL in parent) and that they need to install the program attached to the e-mail that is claimed to remove the offending software but in fact turns your machine into another zombie?

Re:And here come the phishers.... (4, Informative)

yuna49 (905461) | more than 7 years ago | (#19495935)

It wouldn't get too far in our mail system. We don't accept mail with From addresses in fbi.gov or irs.gov unless they originate on those agencies own servers. Mail coming from a server in rr.com claiming to be "From: fixyourcomputer@fbi.gov" is going to be dropped on the floor.

There have already been tons of viral messages from these two domains over the past few years. One of the big Windows worms ("Slammer," if I recall correctly) was often mailed out with an fbi.gov From address. Forging irs.gov messages is common among phishers.
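The rule described in the comment above, as an added example (not the commenter's mail configuration): a message whose From: domain is one of a short list of protected domains is accepted only when the connecting relay sits in a network block assumed to belong to that domain; everything else claiming that sender is dropped. The protected domains, the network ranges and the sample log lines are constructed placeholders, not the agencies' real address space.

```python
"""Sender-domain origin rule, in the spirit of the comment above.
Added example; the domains' network blocks below are constructed placeholders."""
import ipaddress
from email.utils import parseaddr

# Constructed: domains whose mail we only accept from their own networks.
# A real deployment would take these ranges from the domains' SPF records
# rather than a hand-maintained table.
PROTECTED_DOMAINS = {
    "fbi.gov": [ipaddress.ip_network("192.0.2.0/24")],
    "irs.gov": [ipaddress.ip_network("198.51.100.0/24")],
}


def from_domain(from_header: str) -> str:
    """Lower-cased domain of the address in a From: header ('' if none)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].strip().lower()


def protected_parent(domain: str) -> str:
    """The protected domain that `domain` equals or is a subdomain of, or ''."""
    for protected in PROTECTED_DOMAINS:
        if domain == protected or domain.endswith("." + protected):
            return protected
    return ""


def policy(from_header: str, relay_ip: str) -> str:
    """'accept' or 'reject' for a message carrying this From: header that was
    handed to us by the SMTP client at relay_ip."""
    protected = protected_parent(from_domain(from_header))
    if not protected:
        return "accept"          # not a domain this rule polices
    ip = ipaddress.ip_address(relay_ip)
    if any(ip in net for net in PROTECTED_DOMAINS[protected]):
        return "accept"          # originated on the agency's own servers
    return "reject"              # forged sender: dropped on the floor


def apply_to_log(lines):
    """Run the rule over constructed 'relay_ip<TAB>From header' lines and
    return (header, verdict) pairs."""
    results = []
    for line in lines:
        relay_ip, _, header = line.partition("\t")
        results.append((header, policy(header, relay_ip)))
    return results


# Constructed sample: a forged FBI sender from a cable-modem relay, a
# legitimate one from the agency's assumed block, and ordinary mail.
SAMPLE_LOG = [
    "203.0.113.77\tfixyourcomputer@fbi.gov",
    "192.0.2.25\t\"FBI Alerts\" <alerts@mail.fbi.gov>",
    "203.0.113.77\talice@example.com",
]

if __name__ == "__main__":
    for header, verdict in apply_to_log(SAMPLE_LOG):
        print(f"{verdict:6} {header}")
```

Note what the rule does not cover: a lookalike domain such as fbi.com or fbi.gov.example.com is not a subdomain of fbi.gov, so it passes untouched; that is a separate problem (domain reputation, user training) from the origin check shown here, which SPF standardizes.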

Re:And here come the phishers.... (4, Informative)

bob_herrick (784633) | more than 7 years ago | (#19496459)

FTFA

The FBI will not contact you online and request your personal information so be wary of fraud schemes that request this type of information, especially via unsolicited emails. To report fraudulent activity or financial scams, contact the nearest FBI office or police department, and file a complaint online with the Internet Crime Complaint Center, www.ic3.gov.

Stuff like that already happens (1)

billstewart (78916) | more than 7 years ago | (#19496711)

Usually it's pretending to be from Microsoft or AOL or your ISP or McAfee (though some of the mail I get claiming to be from McAfee is because I'm using a different anti-virus product at home this year :-) So the FBI is another authority that scammers can tell the gullible that they're working for.


If enough different authorities get forged, maybe the gullible will believe them less often...

The Biggest Spammer: +1, Revealing (-1, Troll)

Anonymous Coward | more than 7 years ago | (#19495115)


is the world's most dangerous criminal [whitehouse.org] .

I hope this helps the criminal investigation.

Sincerely,
Kilgore Trout, C.P.A.

Huge purple penis (-1, Troll)

Anonymous Coward | more than 7 years ago | (#19494507)

If it wasn't for spam and advertisers.. (3, Interesting)

QuantumG (50515) | more than 7 years ago | (#19494535)

There would be an RFC for getting an email address for an ip address and it wouldn't take an expert to figure out how to contact the right person when you see a machine doing something it shouldn't.

That's easy to do. (2)

khasim (1285) | more than 7 years ago | (#19494699)

Every IP address belongs to a block that has been assigned to some ISP.

Simply find the block containing that IP address and then find the ISP controlling that block.

Now, whether the ISP is going to spend any time (time == money) on dealing with the problem is the next issue.

Re:If it wasn't for spam and advertisers.. (0)

Anonymous Coward | more than 7 years ago | (#19494807)

I saw this exact thing on an episode of CSI, a reverse DNS to email address look-up tool.

RFC 1491: you CAN get an email for an IP (1)

artifex2004 (766107) | more than 7 years ago | (#19494843)

IPs resolve by WHOIS if they have been properly SWIPed.
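The lookup khasim describes above (find the block containing the address, then the party responsible for that block) and the SWIP point in this comment, as an added example that is code from neither commenter. The allocation table is constructed to stand in for what a WHOIS or RDAP query returns; the networks and contacts are not real. The /26 inside the /24 shows why longest-prefix match matters: once an ISP has SWIPed a sub-block to a customer, the registry names the customer for that range, not the upstream.

```python
"""IP-to-allocation lookup with longest-prefix match. Added example;
the allocation table is constructed, not registry data."""
import ipaddress

# Constructed allocation records: (CIDR block, organisation, abuse contact).
ALLOCATIONS = [
    ("203.0.113.0/24",   "ExampleNet (upstream ISP)",      "abuse@examplenet.invalid"),
    ("203.0.113.128/26", "SmallISP (SWIPed reassignment)", "abuse@smallisp.invalid"),
    ("198.51.100.0/24",  "OtherISP",                       "abuse@otherisp.invalid"),
    ("2001:db8::/32",    "ExampleNet v6",                  "abuse@examplenet.invalid"),
]


def build_table(rows):
    """Parse CIDR strings once so lookups can use containment tests."""
    return [(ipaddress.ip_network(cidr), org, contact) for cidr, org, contact in rows]


TABLE = build_table(ALLOCATIONS)


def lookup(ip_str, table=TABLE):
    """Return (cidr, org, contact) for the most specific block containing
    ip_str, or None if no block covers it. The longest prefix wins, so a
    SWIPed sub-block takes precedence over its parent allocation."""
    ip = ipaddress.ip_address(ip_str)
    best = None
    for net, org, contact in table:
        if net.version != ip.version or ip not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, org, contact)
    if best is None:
        return None
    return (str(best[0]), best[1], best[2])


def abuse_contacts(ips, table=TABLE):
    """Group offending addresses by the contact responsible for each: the
    first step in telling the right ISP about each machine."""
    grouped = {}
    for ip_str in ips:
        hit = lookup(ip_str, table)
        contact = hit[2] if hit else "<no allocation found>"
        grouped.setdefault(contact, []).append(ip_str)
    return grouped


if __name__ == "__main__":
    # Constructed list of addresses seen misbehaving.
    for contact, ips in abuse_contacts(["203.0.113.5", "203.0.113.150", "192.0.2.1"]).items():
        print(contact, ips)
```

With live data the table comes from a `whois` or RDAP query per address rather than a list; the matching logic stays the same. Whether the contact acts on the report is, as khasim says, the next problem.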

I thought I knew what I was doing too (4, Interesting)

elrous0 (869638) | more than 7 years ago | (#19495603)

I thought of myself as an expert until a few months ago. I have good antivirus/malware software, only use Firefox, never do stupid things like opening attachments with executable extensions, etc. Hell, I even have a wired network in my house to protect against wardrivers.

Then a few months back I get word from my credit card company that someone had hacked into my account online (using my username and password), changed my billing address to someplace in NJ, then proceeded to try to charge a bunch of stuff on the account (luckily the CC company caught on to them and locked it down). I couldn't figure out how they did it.

Then a few months after that, I started to notice my computer acting strange. My router would be showing HEAVY activity even when I wasn't doing anything and Windows wasn't downloading updates. Eventually, I realized that someone must have botted my computer (still don't know exactly what they were up to, but I'm sure it involved sending out letters from an innocent Nigerian official just wanting people to help him transfer some money). That's how they got my account info for my credit card.

Anyway. I wiped the whole system clean (even tried out Linux for a while, but didn't care for it) and now the problem is gone. But it still makes me nervous as Hell. What drives me crazy is that I can't figure out how they did it. But, as a hacker friend once said: If it's on a network, it can be hacked--period.

Why not shut them down? (4, Insightful)

DamonHD (794830) | more than 7 years ago | (#19494555)

I would have thought that a nice call from the FBI to the CxOs of the main appropriate ISPs and a selection of those users on the fastest connections (ie with the most capacity to be damaging) would have a salutary effect.

And then a follow up with negligence-related charges for those who refused to give a f**k maybe?

Rgds

Damon

Re:Why not shut them down? (1)

dropadrop (1057046) | more than 7 years ago | (#19494651)

I would have thought that a nice call from the FBI to the CxOs of the main appropriate ISPs and a selection of those users on the fastest connections (ie with the most capacity to be damaging) would have a salutary effect.

You mean make a quick way for the FBI to shut down anyone's internet connection without studying the case any further? I would much prefer somebody developing applications that would manage to trace suspicious traffic, and if reliable enough direct all web traffic to a page with information on how the customer can clean his machine (the last part is actually a normal procedure for some ISPs here in Finland).

The main problem is, that I believe connections are "jammed" based on complaints, not automatically. This requires a lot of resources from the ISP, as does receiving calls from people who have no idea what is meant by an "infected machine". Of course the application detecting suspicious activity would have to be very reliable, and it would have to be very anonymous...

Re:Why not shut them down? (2, Informative)

Dare nMc (468959) | more than 7 years ago | (#19497063)

direct all web traffic to a page with information on how the customer can clean his machine

direct them to a site that they are now blocked from reaching, hmmm.
I know you would un-block that 1 site, but then hackers patch to block that 1 patch...

One got past our firewall also (email attachment actually); the ISP (Qwest) sent us an automated warning letter that we were about to get kicked. I did have it fixed before the letter was received. Imagine how difficult for an admin to track while all traffic is blocked, so the bot is hibernating. Since the blocking could easily cause much greater financial harm (assuming the most valuable of assets hasn't been compromised)

Such as our case, it was a PC with internet access, but not VPN access to anything too important. It would have severed our VOIP to the main offices, and hampered my research into multiple options to fix the issue. Not to mention how many projects missing data would be put on hold. In my case I first got all the virus definitions up to date (also a laptop with its first day on the network in several months.) So it would be impolite to block norton, mcafee, what about clamwin, etc, etc? When I am not in office everything is remote admin from offsite (kill that also?)

so the first time our ISP shut down our traffic due to a burst of virus-like traffic we would be ISP shopping.

Or another approach. (1)

khasim (1285) | more than 7 years ago | (#19494811)

Since the FBI can identify the machines to the ISP, it should be simple for the ISP and FBI to work together to track traffic to/from those machines.

First off, put them on their own network. Sure, this might clue the Zombie Master that something's happening, but maybe not.

Then, monitor the inbound/outbound traffic. If they're doing things like sending spam, block it. A DDoS attack? Block it.

Then work backwards to find the sites controlling the zombies.

It would probably be a LOT cheaper to do it that way than to try to get a MILLION people to clean their machines AND maintain them in the future.

Re:Or another approach. (1)

Nos. (179609) | more than 7 years ago | (#19495057)

Then work backwards to find the sites controlling the zombies.
It would probably be a LOT cheaper to do it that way than to try to get a MILLION people to clean their machines AND maintain them in the future.

If only it were that simple. The problem is, there'll probably be too many jurisdictions involved. What happens when the controlling computer is in China, Russia, etc. Even if you do get the foreign government to cooperate and the controlling ISP, how do you know when it ends? How do you really know that computer isn't compromised and being controlled from elsewhere.

And even if you do finally nail one guy running a botnet, how many others will take his place? It's not like they'll be arresting guys day after day... this would take months or even years of investigation to properly prosecute a person.

Think globally, act locally. (3, Insightful)

khasim (1285) | more than 7 years ago | (#19495271)

The problem is, there'll probably be too many jurisdictions involved.

And ... ?

There isn't any way to shut down all of the zombies. But our government CAN act to shut down the zombies here.

What happens when the controlling computer is in China, Russia, etc. Even if you do get the foreign government to cooperate and the controlling ISP, how do you know when it ends?

First off, there is NOTHING stopping our FBI from contacting law enforcement agencies in Russia or China. They may not help, but then again, they may help.

Then, you track the traffic back from that machine. And from the next machine. And from the next machine.

How do you really know that computer isn't compromised and being controlled from elsewhere.

Simple. The commands have to come from somewhere. You can monitor all inbound and outbound connections. That will tell you what machines that machine is communicating with. You just keep checking each of those to see whether the trail continues or ends.

And even if you do finally nail one guy running a botnet, how many others will take his place?

A lot. So?

Do we stop arresting criminals just because other criminals will perform the same crimes?

It's not like they'll be arresting guys day after day... this would take months or even years of investigation to properly prosecute a person.

Not really. There's no reason why it would take more than a week. If the zombies are not receiving commands, then they're not sending spam or doing DDoS attacks. In which case, the problem is already solved.

If they are receiving commands, then you've just gotten another link. Maybe more than one link.

In the meantime, the ISP's are limiting the damage caused by those zombies.
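The "work backwards" approach khasim lays out above and in the earlier "Or another approach" comment, as an added example that is not the commenter's code: from the known zombies' flow records, find the peer they have in common, then look at who that machine talks to, and keep going until a hop has no new peers. The flow records are constructed and every address comes from documentation ranges.

```python
"""Tracing the control trail back from known zombies through flow records.
Added example; FLOWS and ZOMBIES are constructed sample data."""
from collections import Counter, defaultdict

# Constructed flow records: (src_ip, dst_ip, dst_port). Three zombies
# rendezvous with the same server on 6667 (IRC, as another reply notes);
# one also tries to send mail. Someone logs into that server from
# 203.0.113.50 and from there hops on to 192.0.2.77, where the trail ends.
FLOWS = [
    ("10.0.0.11", "198.51.100.7", 6667),
    ("10.0.0.12", "198.51.100.7", 6667),
    ("10.0.0.13", "198.51.100.7", 6667),
    ("10.0.0.11", "192.0.2.10", 80),          # ordinary web traffic
    ("10.0.0.12", "203.0.113.9", 25),         # outbound spam attempt
    ("203.0.113.50", "198.51.100.7", 6667),   # operator on the same server
    ("203.0.113.50", "192.0.2.77", 22),       # next link back
]
ZOMBIES = {"10.0.0.11", "10.0.0.12", "10.0.0.13"}


def shared_peers(flows, hosts, min_hosts=2):
    """Destinations that at least min_hosts of `hosts` talk to, most shared
    first. A peer common to many zombies is the first candidate controller;
    a peer only one of them uses (a web site, a mail server) is noise."""
    peers_by_host = defaultdict(set)
    for src, dst, _ in flows:
        if src in hosts:
            peers_by_host[src].add(dst)
    counts = Counter()
    for peers in peers_by_host.values():
        counts.update(peers)
    return [(dst, n) for dst, n in counts.most_common() if n >= min_hosts]


def peers_of(flows, host):
    """Every address that exchanged traffic with `host`, in either direction."""
    peers = set()
    for src, dst, _ in flows:
        if src == host:
            peers.add(dst)
        elif dst == host:
            peers.add(src)
    return peers


def trace(flows, zombies, max_hops=3):
    """Follow the trail one hop at a time: start from the peers the zombies
    share, then look at who those machines talk to, and so on, until a hop
    yields no new peers (the trail ends) or max_hops is reached. Returns one
    sorted list of addresses per hop."""
    seen = set(zombies)
    frontier = {dst for dst, _ in shared_peers(flows, zombies)} - seen
    layers = []
    while frontier and len(layers) < max_hops:
        layers.append(sorted(frontier))
        seen |= frontier
        nxt = set()
        for host in frontier:
            nxt |= peers_of(flows, host)
        frontier = nxt - seen
    return layers


if __name__ == "__main__":
    for hop, hosts in enumerate(trace(FLOWS, ZOMBIES), 1):
        print(f"hop {hop}: {', '.join(hosts)}")
```

The toy data makes each hop a single address. On a real public IRC server, `peers_of` would return thousands of unrelated clients, so an investigator narrows each hop by time window, port and channel before following it; and when the shared peer's owner sits in another jurisdiction, the next hop needs that owner's flow records, which is the cooperation problem the replies above raise.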

Re:Think globally, act locally. (2, Insightful)

Knara (9377) | more than 7 years ago | (#19495451)

Not really. There's no reason why it would take more than a week.
Doesn't seem like you are all that familiar with the realities of red tape and bureaucracy, not to mention cost-benefit ratio for something like that.

Re:Think globally, act locally. (1)

mikael (484) | more than 7 years ago | (#19495731)

Simple. The commands have to come from somewhere. You can monitor all inbound and outbound connections. That will tell you what machines that machine is communicating with. You just keep checking each of those to see whether the trail continues or ends.

Some bots were known to listen to IRC chat channels to receive commands. You then need to find out the ISP controlling the server. Then you have to find out the originator IP address of the person who sent out the commands. I wouldn't be surprised if they encrypted the commands as well.

Re:Or another approach. (2, Informative)

yuna49 (905461) | more than 7 years ago | (#19496127)

The problem is, there'll probably be too many jurisdictions involved. What happens when the controlling computer is in China, Russia, etc.

Did you read the article? The three people cited as running massive botnets all lived in the United States.

From the FBI press release [fbi.gov] cited above: "To date, the following subjects have been charged or arrested in this operation with computer fraud and abuse in violation of Title 18 USC 1030, including:

  • James C. Brewer of Arlington, Texas, is alleged to have operated a botnet that infected Chicago area hospitals. This botnet infected tens of thousands of computers worldwide. (FBI Chicago);
  • Jason Michael Downey of Covington, Kentucky, is charged with an Information [sic] with using botnets to send a high volume of traffic to intended recipients to cause damage by impairing the availability of such systems. (FBI Detroit); and
  • Robert Alan Soloway of Seattle, Washington, is alleged to have used a large botnet network and spammed tens of millions of unsolicited email messages to advertise his website from which he offered services and products. (FBI Seattle)"

I don't disagree that the global nature of the Internet makes investigation and prosecution of such actions difficult. But there are probably enough botnet operators here in the States to keep the FBI busy for some time to come.

My conspiracy theory (4, Interesting)

A nonymous Coward (7548) | more than 7 years ago | (#19495543)

A. Everyone "knows" that the NSA is doing its utmost to listen to all internet traffic.

B. It would do the NSA no good to listen to everything without filtering out the 99.999% which is irrelevant. Ergo, they must have pattern filters.

C. Botnets must be a big part of the filtered traffic.

D. NSA must be aware of botnets, their patterns, their control channels, their zombie elements.

E. Yet botnets continue.

F. The NSA must want them to continue unmolested.

The NSA knows how botnets work, and could hijack them at any time. The only reason to do so is to keep them in reserve for their own use.

I suggest the NSA would hijack botnets for counterattack if the US nets were attacked by another country.

That's my conspiracy theory, I hope you like it.

Re:My conspiracy theory (1)

Hoi Polloi (522990) | more than 7 years ago | (#19495711)

Maybe the NSA systems are part of a botnet too!

Re:My conspiracy theory (1)

A nonymous Coward (7548) | more than 7 years ago | (#19495901)

OMG I hadn't thought of that .... one botnet to rule them all. Or maybe all the botnets got together to share the NSA botnet so none of them could take over all the others.

Criminy thsi is skk k kk ary.

Re:My conspiracy theory (1)

rthille (8526) | more than 7 years ago | (#19496835)

Yeah, from what I've seen of day-to-day Government competency, I'd imagine most of the NSA machines are part of botnets.

seems low (2, Insightful)

wizardforce (1005805) | more than 7 years ago | (#19494565)

1 million in botnets / [100 million?] in at least the US works out to about 1% by crude estimation, so does anyone else think these numbers are a bit low? Especially since

Google's Ghost in the Browser study looked at over 4.5 million Web pages, and found that 10% of them were capable of activating malicious codes and 16% were suspected to contain codes that might be a threat to computers.

How many computer users don't patch/update their computers or use a very old version? How many of those wouldn't know if they were infected or have an infected computer as it is?

Re:seems low (2, Interesting)

sdnoob (917382) | more than 7 years ago | (#19495697)

"over 1 million botnet crime victims."

only 1 million victims?? I do believe there are far more than 1 million addresses in these scumbags' mailing lists. *everyone* who's gotten spam out of one of these botnets is (also) a victim... not just the poor saps who got winjacked(tm).

They didn't say that's *all* the zombies (2, Insightful)

billstewart (78916) | more than 7 years ago | (#19496855)

They said they'd found a million of the things - they weren't claiming to have caught all the zombies in the country or world. It's a good start, especially if they can get them cleaned up and watch for attempts at re-infecting them. It may be the low-hanging fruit, and they busted a couple of the zombie operators, which is good.


Of course, busting the operators also means there'll be some thousands of zombies out there who are waiting for Master to tell them what to do next, and some of them may get exploited by other people. But it's still a good start.

Phishing opportunity (1)

Avatar8 (748465) | more than 7 years ago | (#19494607)

Who knows how the FBI will contact these victims, but by announcing that they will be contacting them, I foresee numerous phishing attempts from fbi.com (a blank site, last I checked).


Warn the kids and wake the neighbors. Be suspicious of any e-mail posing as the FBI and wanting a response by clicking an URL, fbi.gov or otherwise.

Botnet (1)

jrwr00 (1035020) | more than 7 years ago | (#19494621)

It's more the user's fault and the OS makers' fault for all these botnets; they should keep up with the updates and maybe even force the updates upon the users (I think M$ does this now with Vista). But botnets will always be a part of the internet, like e-mail spam.

Re:Botnet (0, Troll)

SpaceLifeForm (228190) | more than 7 years ago | (#19494785)

Botnets were never a problem until Microsoft Windows became ubiquitous. That and the fact that Microsoft Windows is a huge security hole, is what has allowed the botnets and spam to proliferate.

If all Microsoft machines were disconnected from the Internet, the problems disappear.

Re:Botnet (3, Interesting)

Pojut (1027544) | more than 7 years ago | (#19494861)

Wrong, wrong, and wrong. Get your blind hatred out of the way for a second, and you might realize that there are more than just windows boxes hooked up to the tubes.

All the Windows boxes disappear, so the bot-lovers would start targeting Linux and OSX.

Don't think that just because there isn't a very active threat against those platforms doesn't mean that one isn't possible.

Re:Botnet (1)

jfengel (409917) | more than 7 years ago | (#19495409)

Not only possible, but some nifty new avenues, too. What a coup to slip a bit of malicious code into the code base of some important open-source project that accepts contributions (which is one of the big wins of open-sourced software). Obfuscating holes is so much easier than trying to get a buffer overrun to do more than crash the program (even if you have the source).

Re:Botnet (1)

dc29A (636871) | more than 7 years ago | (#19495453)

Wrong, wrong, and wrong. Get your blind hatred out of the way for a second, and you might realize that there are more than just windows boxes hooked up to the tubes.

All the Windows boxes disappear, so the bot-lovers would start targeting Linux and OSX.

Don't think that just because there isn't a very active threat against those platforms doesn't mean that one isn't possible.


I think you are wrong, well at least in part. Windows is a big bot problem. The main reason is because everyone and their dog runs Windows as administrator. It is much harder to root a Linux/Mac machine because those users don't use their PCs as root/administrators.

Re:Botnet (1)

Knara (9377) | more than 7 years ago | (#19495475)

If Windows or OS X had 90% of the desktop market, the same users that currently click "Okay" or "Yes" on everything would be entering in their root/admin password for those OSes. It's about social engineering at that point, not necessarily the technical merits of the OS itself.

Re:Botnet (1)

Knara (9377) | more than 7 years ago | (#19495553)

Sorry I meant "Linux or OS X" not "Windows or OS X", though if you take it to mean "Regardless of whether Windows or OS X have 90%..." then it kind of works ;)

Re:Botnet (1)

Pojut (1027544) | more than 7 years ago | (#19495599)

Harder doesn't mean impossible.

Not to mention it presents a situation where people shift from one OS to another.

The OS they use doesn't matter. PEBKAC still applies, and will ALWAYS apply because people are generally fucking stupid.

Re:Botnet (1)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#19495787)

All the Windows boxes disappear, so the bot-lovers would start targeting Linux and OSX.

That would be just fine. You see, the main reason Windows is not secure against these worms is because it is not profitable for MS to make Windows that way. Why would they bother? A worm makes your machine unusable. You throw the whole thing in the bin and go look for a new one. Everything in all the stores you look comes bundled with Windows. You buy an Acer with Windows and hope it is better than the last one, because as an average user, you assume the free market is operating and if there were better options, they'd be in the stores. MS's failure has made them money, not lost them money. Why would they want to change that?

When bot lovers start targeting Linux and OS X they'll find slightly harder targets for the most part, but not enough to make a huge difference. The real difference is what happens next. Instead of sitting on their hands Linux and OS X developers start making real improvements and soon that 99% of the low hanging fruit is gone and botnets are back to being a minor annoyance and fighting a constant battle against OS providers instead of being ignored by them. Why you ask? Because since Apple doesn't have a monopoly and Linux is a project that can never wield monopoly influence more or less by design. Both of them will need to offer security to compete with one another.

The insecurity in the desktop OS market is not directly because of Windows, it is because the market is monopolized, thus innovation in that market is no longer motivated by normal, free market economics. It's like a socialist run industry. Basically it sucks and innovation is not motivated by making customers happy in exchange for money, but by figuring out how to gouge them for more yet and take over a different market. End the monopoly and botnets will go away.

Re:Botnet (2, Insightful)

Skrynesaver (994435) | more than 7 years ago | (#19497009)

Unix and Linux machines may not be as plentiful; they are, however, high-net-worth targets. Granted, CS students run Linux on a home-made box in their bedroom, but large institutions run Unix and Linux on their servers and store data of real value on them. The reason Windows boxes are targeted is that they are the low-hanging fruit, relatively easy pickings.

Re:Botnet (0)

Anonymous Coward | more than 7 years ago | (#19494969)

If Mac OS 9 caught on instead of Windows 95, the bot problem would have been dramatically worse.

Re:Botnet (4, Insightful)

DragonWriter (970822) | more than 7 years ago | (#19494971)

Botnets were never a problem until Microsoft Windows became ubiquitous.


Windows was ubiquitous long before botnets became a problem.

Botnets became a problem as full-time internet access by unsophisticated home users became more ubiquitous, and Windows was the primary target because it was the main OS used by the targeted users. If there had been a Mac OS or Linux monoculture instead, people would have been tricked into installing malicious software on those platforms instead.

Re:Botnet (1)

rob1980 (941751) | more than 7 years ago | (#19495203)

Yeah, and botnets were never a problem until the internet became ubiquitous, too.

Let's blame the internet!

Re:Botnet (2, Interesting)

secPM_MS (1081961) | more than 7 years ago | (#19495767)

This is not a MS specific issue. An attacker can run a perfectly good botnet from a user-level compromise of an internet facing application. You don't need a system compromise. Given the difficulty of writing secure browsers and the ease with which a significant fraction of the public can be induced to click on links, there will always be a vast number of user-level compromises available. Look at the patch data for browsers, let alone OS's. Apple has been having to do more security patches than MS.

Due to its ubiquity, MS is attacked much more than other systems, but the assumption that other systems are by default more secure is a statement of belief, not fact. How is your system configured? It makes a big difference. MS systems can be configured for many different security environments. The locked down deployments are very secure (their intended usage is Department of Defense deployments, etc). Wide open rich functionality client deployments are more functional, but less secure. The same tradeoffs exist in the Linux and BSD worlds. The current CERT and related vulnerability databases do not show that the *nix world has a clear superiority over current comparable Windows products.

Web 2.0 is all but identical to cross-site scripting as a feature. The vulnerabilities here are so pervasive that users have virtually no way of protecting themselves if they want to have the rich web-based functionality. This is not MS specific.

Re:Botnet (0)

Anonymous Coward | more than 7 years ago | (#19497153)

In fact, it never was a problem before Linux was around. Or computers, or electricity, or humans or ....

Windows becoming ubiquitous correlates nicely with internet connections becoming ubiquitous, and hence with
all other things that correlate strongly with internet connections.

Solution (4, Funny)

LoyalOpposition (168041) | more than 7 years ago | (#19494649)

Dear Computer Owner,

            Your computer has been determined to be infected by a malicious program that gives control to another person. Please double-click on the link to find out how to get your computer disinfected.

FBI

No. Really.

Re:Solution (5, Funny)

Novotny (718987) | more than 7 years ago | (#19494729)

Where's the link? How can I click it if there's no link?

Re:Solution (1)

Faylone (880739) | more than 7 years ago | (#19496467)

That's practically begging for a goatse link

Re:Solution (2, Funny)

trolltalk.com (1108067) | more than 7 years ago | (#19494767)

"Gartner predicts that by year-end 75% of enterprises 'will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses.'"

Dear computer owner:

The computer industry has been determined to be infected by malicious 'analysts' who make a living out of regurgitating the same old news every year. God forbid they actually do something constructive for a change.

Re:Solution (2, Interesting)

mr100percent (57156) | more than 7 years ago | (#19494893)

This brings up a serious question, what would the FBI recommend to disinfect the machines? AdAware? Windows Defender? Norton?

Re:Solution (1)

blhack (921171) | more than 7 years ago | (#19494925)

there is a tool i have heard of called "lunix" or something like that that is supposed to do that job.

But I've heard that you have to download it from those shady Pirate 2 Pirate networks, so it's probably a virus!

Re:Solution (0)

Anonymous Coward | more than 7 years ago | (#19495079)

Are you seriously suggesting that the FBI send letters to grandparents and those dumb enough to get infected and say they should download, burn and install another operating system they are unfamiliar with? Many of these people barely know how to use a Start menu, let alone partition tools. Not everyone is as geeky as you (or me).

Re:Solution (1)

A nonymous Coward (7548) | more than 7 years ago | (#19495433)

Are you seriously admitting you have no sense of humor?

Anyone else? (1, Funny)

jadin (65295) | more than 7 years ago | (#19494723)

Raise of hands for who read that as Operation Pot Roast?? /raises hand

Re:Anyone else? (2, Funny)

Anonymous Coward | more than 7 years ago | (#19494851)

<crickets>chirp</crickets>

Re:Anyone else? (0)

Anonymous Coward | more than 7 years ago | (#19495333)

Figuring out the pun isn't something to be proud of.

Re:Anyone else? (1)

jadin (65295) | more than 7 years ago | (#19495927)

You mean that was _intended_? Lame.

"Victims" ? (2, Interesting)

Anonymous Coward | more than 7 years ago | (#19494773)

Is the victim the person whose computer is serving spam, or the person whose computer is receiving spam?

Who is the real victim here?

Re:"Victims" ? (1)

BosstonesOwn (794949) | more than 7 years ago | (#19495649)

The real victim here is the people like me who stop getting the email links on where to get my Vi/-\gR/-\ cheap.

Really, can't we just solve this issue by cutting off the funding? Let's see: company XXX does a back door deal with YYY to get out on spam lists. We go to company XXX and say we are fining you $500,000 a day per day until you stop spamming your crap out to the world. They move off shore, then you go after the people selling the stuff to hawk to company XXX, and if they go off shore you go up the chain until you're done.

Cutting off funding is what will eventually stop it from being main stream. And Bot herders deserve to be processed per system they infect.

RIAA? (1)

Corporate Drone (316880) | more than 7 years ago | (#19494835)

From TFA:

A botnet is a collection of compromised computers under the remote command and control of a criminal "botherder." Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware.

Hmm... I didn't realize that the FBI was investigating the RIAA and their anti-P2P tactics!

Accountability (1)

blhack (921171) | more than 7 years ago | (#19494865)

I have said it before here, and i will say it again. People really need to be held accountable for what damage is caused by their ignorance. If my car comes flying through your bedroom window at 30 miles an hour because I parked it at the top of a hill in neutral, should General Motors be responsible? No.

Likewise, if i leave a completely unprotected winbox up on the internet and it gets rooted, should Microsoft be held responsible (which seems to be what some of you think)?

In both cases harm has been caused by my negligence, and i should be held accountable for both.

Re:Accountability -in closed source? (1, Interesting)

Anonymous Coward | more than 7 years ago | (#19495001)

Step 1: MS makes a flawed product, even after all patches and security advisories are followed.

Step 2: We (et al.) are unable to make the product better, due to closed source.

MS has the only means and thus sole responsibility to improve their product.
Therefore, the user cannot be held liable for MS flaws.

Step 3: Sue the big red M for negligence, damages, and force them to release the source.. (not cracked yet?)

Step 4: Profit. No, really. They will settle.

Re:Accountability (0)

Anonymous Coward | more than 7 years ago | (#19495165)

In the case of the car, it has a perfectly good brake and you didn't set it: GM off the hook.

In the case of Winders we assume the user is clueless and the OS is fscked and ripe for the harvest.

Re:Accountability (1)

Nilych (959204) | more than 7 years ago | (#19495347)

You make a valid point. Same with the suggestion that people must be licensed to drive cars, why not computers. Both are valid points, to a degree. People aren't required to be certified as mechanics before getting a driver's license. Should the average user be at least somewhat computer savvy and trained in basic usage and protections (antivirus, security updates, etc)? Absolutely. What about the botnets and various infections that occur with almost no outward sign? Even the basically savvy user isn't going to know what to do if all the rest of their software doesn't do something about the zombification. I've worked with a number of computer literate people who exercised common sense, didn't open fake bank emails, didn't click spam links, didn't download adult movies, didn't pirate, and still got a number of worms. Explaining to them the nature of the beastly Internet and the constantly-escalating arms race between botnet ops/hackers/virus programmers/spammers and Microsoft/Symantec/etc led to a nearly universal response from them: They turned their computers off. Maybe that's the safest solution, but they didn't leave theirs off for more than a few days, and I wouldn't expect any other user to do differently. People have short memories, and shorter attention spans. Car manufacturers equip cars with a wide variety of safety features. Seat belts, shatterproof glass, airbags practically surrounding the driver/passengers, anti-lock brakes, etc. So maybe there's a future in making such things for computers - both tools that help keep the user from crashing their computer, and protections to keep the user relatively unharmed when it almost inevitably does.

Re:Accountability (1)

swb (14022) | more than 7 years ago | (#19495371)

What you leave out in your analogy is that bots are the result of third-party malicious action.

In your car analogy, the owner reasonably believed that when the car wasn't running, it wouldn't go anywhere and a THIRD PARTY pushed the car such that it rolled down the hill.

Ordinary users THINK that their machines aren't vulnerable and thus do nothing, which in and of itself isn't a problem until someone else breaks in and turns them into bots.

Re:Accountability (1)

blhack (921171) | more than 7 years ago | (#19495421)

In your car analogy, the owner reasonably believed that when the car wasn't running, it wouldn't go anywhere and a THIRD PARTY pushed the car such that it rolled down the hill.
True. I suppose that the analogy could be changed to say: "if I leave my doors unlocked, and my house gets robbed, is it the fault of the contractor that installed the locks?"

better?

The mechanisms to prevent your computer from getting rooted are in place. People just don't use them.

Re:Accountability (1)

kalirion (728907) | more than 7 years ago | (#19495563)

True. I suppose that the analogy could be changed to say: "if I leave my doors unlocked, and my house gets robbed, is it the fault of the contractor that installed the locks?"

better?

Quite often it's more like "If I have a standard lock on my front door and a burglar bumped [wikipedia.org] it, is it the fault of the contractor for installing an insecure lock? What if the lock company issued a recall on the locks because of said insecurity?"

Re:Accountability (1)

eqreed (1108821) | more than 7 years ago | (#19495417)

That's a bad analogy. What if I parked my car at the top of a hill in a bad neighborhood, left my car unlocked, and someone else "breaks" into it and puts it into neutral. Am I still responsible?

What if I locked my doors?

What if I didn't "upgrade" my new locks to stronger more secure locks? I've seen a tow truck driver pick my door lock in seconds.

Re:Accountability (1)

z80kid (711852) | more than 7 years ago | (#19495431)

Frist car psot!

Re:Accountability (1)

Orlando (12257) | more than 7 years ago | (#19495477)

If my car comes flying through your bedroom window at 30 miles an hour because I parked it at the top of a hill in neutral, should General Motors be responsible?

I don't agree that this is a fair analogy. A more appropriate analogy would be that General Motors sells you a car that you believe to be the most up to date, leading model, only for it to be stolen the next day by some 14 year old oik who knows that he can open the rear passenger door just by tapping on the lock with a screwdriver.

I am fed up with this attitude that it's the fault of the user who should know better. Utter rubbish. The product is faulty, pure and simple, and the fault is with the manufacturer, Microsoft in this case for making insecure software. They've known about the problems for years, and have done little or nothing to fix them.

I bought a Mac for my parents a couple of years ago. It runs OSX. Apart from a bit of help with the network settings I didn't have to do anything else to get them online SECURELY. Why is that? Because the machine comes with a firewall, built in, and turned on by default, and the OS is written with security as one of the primary goals. I have full confidence that they are now as secure as they need to be, and that if I'd bought them a PC instead the machine would be riddled with viruses and spyware by now.

Re:Accountability (0)

Anonymous Coward | more than 7 years ago | (#19495523)

More like: "If I park my car at the top of a hill and don't lock the doors then someone comes along and releases my handbrake, puts it in neutral then gives it a shove off the hill do I get in trouble for my car crashing through your front window?"

I know GM wouldn't get in trouble for it, but I don't know who has to pay to replace your front window if they never catch the jerk that released my handbrake and stuck it in neutral. I hope it's not me.

Re:Accountability (0)

Anonymous Coward | more than 7 years ago | (#19496865)

"should Microsoft be held responsible"

Difference is, General Motors company didn't come out in the night, tie your steering wheel in position, and push your car off the top of the hill towards the house.

Find one, single, solitary instance of a non-Microsoft computer being botted in the wild. Defects in every other industry (most especially cars), which cause the product to be prone to malfunction in a hazardous way, are swiftly recalled and in many cases the companies are prosecuted for their negligence. In every industry except one.

This article is homophobic (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#19494923)

Everyone knows bot is a slur for homosexual men. It comes from the slang Caribbean term "bati man", which refers to being a "bottom", being receptive to receive anal sex, for a gay man.

Just thought you Slashdotters should know.

Yes, and never forget Gartner predicted... (3, Interesting)

dpbsmith (263124) | more than 7 years ago | (#19494943)

...that OS/2 would be the dominant operating system by, IIRC, 1993 or thereabouts.

I just did some Googling on things like "bad Gartner predictions" and "missed Gartner predictions" or '"Gartner predictions" scorecard' hoping that someone had tried to keep tabs on them, but found to my disappointment virtually no relevant hits. Everyone discusses them in the months after they're released, nobody seems to check back even as recently as a year.

Of course, with predictions like these for 2002 [gartner.com] ... "During 2002, leading-edge businesses will exploit application integration to generate business innovation...." how the heck would anyone ever figure out whether or not it was fulfilled?

I can't believe people pay Gartner for this stuff.

Re:Yes, and never forget Gartner predicted... (1)

Doctor Memory (6336) | more than 7 years ago | (#19495295)

I can't believe people pay Gartner for this stuff.
Heh, pick up a copy of anything by Tom Peters or his ilk. People who buy those books also pay money for Gartner analysis reports. At least Tom Peters came right out and said that he had no idea what he was talking about [fastcompany.com] when he wrote his first book. I think it's going to take a lot of people screaming "The analysts have no clothes!" (clues?) before people start questioning Gartner, though.

Re:Yes, and never forget Gartner predicted... (1)

PPH (736903) | more than 7 years ago | (#19496285)

I can't believe people pay Gartner for this stuff.

They almost have to. It's a CYA tactic. If you do something stupid and you don't have a Gartner recommendation to back you up, you catch the blame. If you can back it up with a report, you can blame it on their bad advice.

I used to love the Gartner (and other analysts) material. I could always find something to back up my decisions.

Microsoft Windows, please stand up (1, Informative)

toby (759) | more than 7 years ago | (#19494995)

It's amazing people still write headlines and article summaries without mentioning the enabling technology in question.

When the monopoly is finally busted, I guess it will no longer be implicit that "We're talking about Windows, of course."

Re:Microsoft Windows, please stand up (1)

Monkeyman334 (205694) | more than 7 years ago | (#19496349)

Yeah man, M$ is so slow at sending out patches, and even if they do make the patch, it doesn't mean people are going to download them. If they had just created it right from the start, they wouldn't have to do the crappy whack-a-mole. When is M$ going to fix their OS? Oh, 5 months ago? Oops...

It's good to see the FBI getting a clue. (2, Interesting)

twitter (104583) | more than 7 years ago | (#19495093)

That they are looking into the problem is a good start. Gmen reading are advised to consult with the Honeynet Project [honeynet.org] and regard vector vendor "help" with suspicion. It would also be nice to see them call a spade a spade and abandon the false OS neutrality that keeps them from doing so. This is a Windows problem and the relative risks should be published. Otherwise they are lying to us and keeping information we can all use locked away. Most importantly, though, they need to clean their own house.

Re:It's good to see the FBI getting a clue. (4, Insightful)

dedazo (737510) | more than 7 years ago | (#19495229)

This is a Windows problem and the relative risks should be published.

I don't know what "the relative risks" means, but since none of my Windows machines are in a botnet, and there are millions and millions of them that are not, this is not a Windows problem. It's a basic user education problem. Windows may have more attack vectors than other OSes, but that doesn't mean they are not known or are impossible to avoid. Simple common sense goes a long way. People get infected with botware because they download things they shouldn't or don't bother to keep their machines up to date by turning on automatic updates so they don't have to worry about anything.

If you think one chmod +x is an insurmountable obstacle to turning your shiny Linux or OS X box into a bot, remember that people get infected by executables in password protected ZIP files and that all of the most massively distributed worms have all required significant user intervention to propagate. Maybe one of these days you'll inherit 800 million completely clueless users, and maybe then you'll call it a "Linux problem"?

getting a clue. (0, Flamebait)

twitter (104583) | more than 7 years ago | (#19495741)

I don't know what "the relative risks" means, but since none of my Windows machines are in a botnet ...

I'd believe you if you were running some other software to monitor your network activity, but that's beside the point.

What I want from the FBI are statistics on botnet populations. How many computers are compromised and what steps were taken to secure them that failed. Michael Dell and Vint Cerf estimate that 25% of "internet connected" computers are part of a botnet. I think they have vastly underestimated the problem, that botnets are entirely Windoze driven and that most of the steps taken by people like you are ineffective. None of these things [matousec.com] is really effective and using Microsoft's auto-update is the surest way to have your computer broken. The FBI is collecting and can provide some hard numbers to back up our assertions. If you care about truth, you want the numbers.

Maybe one of these days you'll inherit 800 million completely clueless users, and maybe then you'll call it a "Linux problem"?

Free software welcomes the people you and M$ despise, but there will be no equivalent monoculture for them and the problem will go away as it becomes increasingly more difficult and less profitable.

Re:getting a clue. (1)

Macthorpe (960048) | more than 7 years ago | (#19496563)

You are a busy bunny!

I'd believe you if you were running some other software to monitor your network activity, but that's beside the point.
Nice assumption, but the parent didn't say he wasn't running a network monitor. Considering I trust dedazo's opinion more than your clueless rantings, I would assume he is.

I think they have vastly underestimated the problem, that botnets are entirely Windoze driven and that most of the steps taken by people like you are ineffective
Have you ever heard of Q8bot or kaiten? Probably not, but they're Unix/Linux [honeynet.org] flavoured bots. So much for your 'all botnets are Windoze' FUD.

None of these things is really effective
Even though two of them are labeled as "Excellent anti-leak protection", and Comodo managed to pass every single test they tried? Where did you pull that 'fact' from?

using Microsoft's auto-update is the surest way to have your computer broken.
More Grade A bullshit. Auto-Update has not broken or even affected any of the machines that I have built for various friends, family and others. None of them.

Free software welcomes the people you and M$ despise
It's only ever you that talks about 'hatred' and 'despising' users. Something you want to share?

Linux bots, seldom seen. (1)

twitter (104583) | more than 7 years ago | (#19497033)

Irritating Windoze defender, Macthorpe, pretends there's a GNU/Linux botnet problem:

Have you ever heard of Q8bot or kaiten? Probably not, but they're Unix/Linux flavoured bots. So much for your 'all botnets are Windoze' FUD.

Well, no, I had not heard of such things. Ever helpful Macthorpe even offered a link [honeynet.org] to tell me why I don't hear about such things. They are listed under this heading:

Besides these three types of bots which we find on a nearly daily basis, there are also other bots that we see more seldom. Some of these bots offer "nice" features and are worth mentioning here:

In the description, they note they have yet to find the mechanism of spread. A reasonable person will conclude that Botnets are a Windoze created problem and not something to worry about. After all, study after study shows the average time it takes to break a Windoze box is on the order of minutes, but a GNU/Linux box will last for months out of the box. A paranoid person will wonder if M$ has not honeynetted honeynet themselves with bogus infected GNU/Linux machines.

Who are you? (1, Insightful)

Anonymous Coward | more than 7 years ago | (#19497173)

Does Microsoft pay you to discredit free software and open source?

Re:getting a clue. (1)

dedazo (737510) | more than 7 years ago | (#19497047)

I'd believe you if you were running some other software to monitor your network activity

You seem to know a lot about my setup. Perhaps you'd like my IP address to see what you'll find between my boxes and the interwebs? You might be surprised. And as long as we're all having fun proving negatives and questioning each other's network and security expertise, how about you show me proof that your Linux boxes are not rooted?

I think they have vastly underestimated the problem, that botnets are entirely Windoze driven

We've been through this before. No one is contesting that the vast majority of machines in botnets run Windows (oh, "Windoze", HAHAHA!). But the implication that all botnets are completely made up of nothing but Windows machines is a lie that is easily debunked. In fact it has, but you conveniently choose to ignore that.

using Microsoft's auto-update is the surest way to have your computer broken.

Wow, we're in full-fledged FUD mode now!

Free software welcomes the people you and M$ despise

If free software is populated by pathological liars, psychotic haters and FUDsters like you, I'd rather they just stay with "M$ Windoze". Freedom at the expense of sanity is no freedom at all.

...none of my Windows machines are in a botnet (1)

Larry_Dillon (20347) | more than 7 years ago | (#19496233)

As far as you know ... none of my Windows machines are in a botnet ;-)

The advice they are giving home users. (1)

twitter (104583) | more than 7 years ago | (#19495399)

The advice given to home users [us-cert.gov] (and this [cert.org] ) is clearly Windows specific, even though Windows is not mentioned. They go through the usual laundry list of things which are failing corporate users, firewalls, "patches", anti-virus and so on and so forth. Way down in the glossary is a mention of "Linux" linked to the "webopedia" [cert.org] .

As I said before, these are important first steps. The information presented may be useful to novice computer users, but it's incomplete because it does not include some of the most effective options. We can only hope they follow up on this start.

Actual FBI press release (0, Redundant)

Animats (122034) | more than 7 years ago | (#19495427)

Skipping the ad-heavy page linked in the article, here's the FBI press release [fbi.gov] .

As usual, no mention of Microsoft.

Problem between keyboard and chair (2, Insightful)

athloi (1075845) | more than 7 years ago | (#19495483)

While I am fond of the users I support, I find it takes a lot of education to get them to stop falling for the most common scams: funny email attachments, phishing, and phone calls asking for their credit card numbers. They're not stupid people. They're just a little clueless and disconnected from a world that, quite frankly, bores and intimidates them.

I would like to suggest that, whatever operating system we put on the desktop for the average person, there be some initiative to educate them in best practices computing, even if only for the 4-10 common tasks (email, websurfing, games, mp3s, pr0n, quicken, word processing) they will use. I volunteer to design and write the curriculum if there's some rational initiative to get it out there to the human herd.

Re:Problem between keyboard and chair (1)

Truesilver (1065016) | more than 7 years ago | (#19495693)

"...and our next lesson will be: The proper way to download pornography...admit it, everyone does it..."

Re:Internet License (0)

Anonymous Coward | more than 7 years ago | (#19496327)

The only cure is to issue internet licenses with computer inspections by the government, just like cars get inspected for emissions.
Internet usage will become a privilege, not a right, eventually.

Tools for checking for Bot activity (1)

orb_fan (677056) | more than 7 years ago | (#19495621)

So what tools are available to check for bot activity on your network? From what I've read, it seems to be to monitor port 6667 (IRC) for non-human readable text.

Re:Tools for checking for Bot activity (1, Interesting)

codepunk (167897) | more than 7 years ago | (#19496087)

iptraf is the one I use most often... I doubt the 75% figure; I find it closer to 95% of the networks I have inspected are owned.
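The question above asks what tools exist for checking a network for bot activity, and the only concrete heuristic offered in the thread is to watch port 6667 (IRC) for traffic that is not human-readable text. As an added illustration (not code from the thread or from any tool mentioned in it), the following Python script turns that heuristic into a small detector that runs over flow records. The log format, the 10.0.0.0/8 internal range, the thresholds and the sample records are all constructed assumptions for the example; the defaults mirror what a tool like iptraf would let you eyeball by hand. Beyond the single signal in the post it also flags fan-in, several internal hosts talking to the same external IRC server, which is the classic look of an IRC-controlled botnet on a sniffer or mirrored port.

```python
"""Toy IRC-botnet beaconing detector over constructed flow records (example only)."""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

IRC_PORTS = {6665, 6666, 6667, 6668, 6669, 7000}  # common IRC ports; 6667 is the classic one
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space
MIN_PRINTABLE = 0.8  # below this ratio the payload does not look like chat text
MIN_CLIENTS = 3      # this many internal hosts on one IRC server is a fan-in signal

# Constructed record format: "src:sport -> dst:dport payload=<hex of first bytes>"
LINE_RE = re.compile(
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"payload=(?P<payload>[0-9a-fA-F]*)"
)

# Constructed sample log: three internal hosts reach one IRC server, one of them
# with a binary payload; the other lines are ordinary TLS/HTTP traffic.
SAMPLE_LOG = """\
10.0.1.15:51022 -> 198.51.100.7:6667 payload=4e49434b207a6f6d6269655f3031
10.0.1.22:49311 -> 198.51.100.7:6667 payload=4e49434b207a6f6d6269655f3032
10.0.1.23:49312 -> 198.51.100.7:6667 payload=010203ff8a9bc0de
10.0.2.4:40001 -> 203.0.113.9:443 payload=1603010200
198.51.100.7:6667 -> 10.0.1.15:51022 payload=3a7365727665722030303120
10.0.1.9:35000 -> 203.0.113.80:80 payload=474554202f20485454502f312e31
"""


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


def parse_records(text):
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flows.append(Flow(m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                          bytes.fromhex(m["payload"])))
    return flows


def printable_ratio(payload):
    """Fraction of bytes that are printable ASCII or line endings (1.0 for empty)."""
    if not payload:
        return 1.0
    printable = sum(1 for b in payload if 0x20 <= b < 0x7F or b in (0x0A, 0x0D))
    return printable / len(payload)


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL_NET


def outbound_irc_flows(flows):
    """Internal -> external flows whose destination port is an IRC port."""
    return [f for f in flows
            if f.dport in IRC_PORTS and is_internal(f.src) and not is_internal(f.dst)]


def detect(text):
    """Return IRC clients grouped by server plus a list of (client, server, reasons)."""
    irc = outbound_irc_flows(parse_records(text))
    clients_by_server = defaultdict(set)
    for f in irc:
        clients_by_server[f.dst].add(f.src)
    findings = []
    for f in irc:
        reasons = ["irc-port"]
        if printable_ratio(f.payload) < MIN_PRINTABLE:
            reasons.append("non-printable-payload")
        if len(clients_by_server[f.dst]) >= MIN_CLIENTS:
            reasons.append("fan-in")
        findings.append((f.src, f.dst, tuple(reasons)))
    return {"clients_by_server": {k: sorted(v) for k, v in clients_by_server.items()},
            "findings": findings}


if __name__ == "__main__":
    for client, server, reasons in detect(SAMPLE_LOG)["findings"]:
        print(f"{client} -> {server}: {', '.join(reasons)}")
```

Port-based matching is only a first pass: a bot whose controller listens on a non-standard port, or that talks HTTP, never trips the IRC-port rule, which is why the fan-in check is computed separately and why a real deployment would feed in full flow data from a mirrored port rather than a handful of lines.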

Mmmm... bot roast! :9 (0, Offtopic)

nlitement (1098451) | more than 7 years ago | (#19495639)

Definition of bot:
-noun
the larva of a botfly.
Bot roast on a toast!

Are They Allowed To Do This? (4, Funny)

Bob9113 (14996) | more than 7 years ago | (#19495919)

Is the FBI allowed to do this? Did they get special dispensation from the RIAA and MPAA to work on a project that appears to be completely unrelated to copyright infringement?

Gartner (1)

codepunk (167897) | more than 7 years ago | (#19496155)

Gartner predicts that by year-end 75% of enterprises 'will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses.'"

I think they are full of it. I am willing to bet that with a linux box jacked into a mirrored port in the core I can find bots and malware on more like 95% or better of windows based enterprises. There is not a network I have looked at in the last two years that is not owned, botted etc in some fashion.

M$ (0, Troll)

asninn (1071320) | more than 7 years ago | (#19496299)

Microsoft and the Botnet Task Force have also helped out the FBI.

Yes, it's true - without microsoft, this wouldn't have been possible.

Think about it...

Why not simply list them as viruses? (1)

BobMcD (601576) | more than 7 years ago | (#19496709)

If bots are the new viruses, why not let the established tools treat them as such? Can't the FBI just turn the entire codebase over to Symantec, McAfee, etc, etc, etc? Seems like this would help a lot of people in the short term...

Or, if this is already being done and the users aren't using any kind of AV software, I would think they have chosen this route, have they not?

Would the study then be saying that 75% of companies aren't using up-to-date virus software? Or even 95% as a poster above suggests? I'd think the reverse is more likely, that AV is being run, but isn't effective at detecting the botware.

Not Sure what's Worse (3, Funny)

MrCopilot (871878) | more than 7 years ago | (#19496789)

Finding out that my PC has been Zombified, or the FBI informing me they found my PC zombified.

And don't forget.... (1)

nurb432 (527695) | more than 7 years ago | (#19497119)

Once you are a member of a botnet, you have been compromised and could be sharing your music files and never even know it..

Hear that RIAA? Millions of people .. Millions.