The FBI Wednesday announced that its "Operation Bot Roast" anti-botnet sweep has so far identified more than 1 million hijacked personal computers and resulted in the arrest of three men charged with everything from spamming to infecting systems at several hospitals.
The operation is an ongoing effort to disrupt the bot trade and identify botnet controllers, the FBI said at a news conference. "Bot" is the term for an infected personal computer. A "botnet" is a large number of hijacked PCs controlled by a hacker, called a "bot herder." Botnets are used by spammers, criminals launching distributed-denial-of-service (DDoS) attacks and malware authors looking to spread their applications.
"The majority of victims are not even aware that their computer has been compromised or their personal information exploited," James Finch, FBI assistant director for the cyber division, said in a statement.
With the help of the CERT Coordination Center at Carnegie Mellon University, the FBI is also trying to notify the owners of the million-plus victimized computers it has fingered as bots. "Through this process, the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity," the agency said.
That's exactly how authorities uncovered bots controlled by the three men recently arrested, including longtime spam king Robert Soloway in Seattle recently. Besides Soloway, prosecutors have charged James Brewer of Arlington, Texas, and Jason Downey of Covington, Ky., with various felonies.
According to indictment papers filed yesterday in a Chicago federal court, Brewer compromised more than 10,000 computers worldwide, including machines at two area hospitals, between October and December 2006. "The 'bots' caused the infected computers to, among other things, repeatedly freeze or reboot, causing significant delays in the provision of medical services," the indictment states. It took the hospitals more than 1,000 man-hours to clean up after the infections.
Downey, meanwhile, was charged two weeks ago with running a botnet that conducted DDoS attacks using an IRC (Internet relay chat) server called Yotta-Byte.net. Last year, that server was one of several that Sophos PLC linked with ongoing attacks by the Agobot worm.
Estimates of the botnet problem's size are hard to pin down, but Symantec Corp.'s most recent report estimated that there has been a 29 percent increase in the number of hijacked computers in the second half of 2006.
This story, "FBI Nabs Three 'Bot Herders'" was originally published by Computerworld.