In Fight Against Botnets, Warning Victims Is Half The Battle
Combing through IP addresses is one of the biggest jobs ever for the FBI.
The feds have caught some of the alleged "bot herders" they say are spamming the world from botnets they've created. Now they'd like to warn more than 1 million computer owners whose machines have been infected, but doing so will be an inexact and tedious undertaking.
Investigators with the Federal Bureau of Investigation tracked down the million victims while working on five cybercrime cases, three of which have resulted in charges being filed. James Brewer of Arlington, Texas, last week was indicted on charges of operating a botnet that infected 10,000 computers, including those of Chicago-area hospitals. Jason Michael Downey of Covington, Ky., is accused of using botnets to launch denial-of-service attacks. Robert Alan Soloway of Seattle is charged with using a botnet network to send tens of millions of messages advertising his Web site.
The FBI initially reported that it was going to work with the U.S.-CERT Coordination Center at Carnegie Mellon University to notify the owners of the compromised computers. It turns out, however, that's easier said than done. "We would not be able to resolve all the IP addresses and contact all the individual victims," says Shawn Henry, deputy assistant director of the FBI's Cyber Division.
Instead, the agency has begun notifying ISPs from which the IP addresses of infected computers originated. "If they choose to, they can contact their customers," says Henry. If the FBI determines that a large company or organization is among the botnet victims, it will notify them directly, he adds.
Combing through the IP addresses of zombie computers and notifying ISPs will be one of the biggest jobs the FBI has ever undertaken, says special agent Richard Kolko.
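The bulk of the work the article describes is attributing each zombie IP address to the network that owns it, so that a notification can go to the right ISP or, for a large organization, directly to that organization. The following added example, not code from the FBI or anyone quoted in the article, shows that triage step on constructed data: a victim list and a hypothetical allocation table (documentation-range prefixes and made-up organization names, not real ISPs). It uses longest-prefix matching so that a more specific allocation, such as a hospital's own block inside a carrier's range, is notified directly, and it keeps addresses it cannot attribute (malformed log entries, prefixes with no known owner) in a separate bucket for manual follow-up, which is the "inexact" part of the job.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: victim IP addresses drawn from documentation ranges.
VICTIM_IPS = [
    "192.0.2.10", "192.0.2.77", "192.0.2.200",
    "198.51.100.5", "198.51.100.6",
    "203.0.113.9",
    "203.0.113.130",
    "10.0.0.1",        # not in any known allocation -> cannot be attributed
    "not-an-ip",       # malformed entry, as found in raw logs
]

# Constructed sample: allocation table mapping prefixes to the organization
# that would receive the notification (hypothetical names, not real ISPs).
ALLOCATIONS = {
    "192.0.2.0/24":     "ExampleNet ISP",
    "198.51.100.0/24":  "Example Cable",
    "203.0.113.0/24":   "Example Telecom",
    "203.0.113.128/25": "Example Hospital Group",  # more specific: notify directly
}


def build_table(allocations):
    """Parse prefixes once; sort longest prefix first so the most specific match wins."""
    nets = [(ipaddress.ip_network(prefix), org) for prefix, org in allocations.items()]
    nets.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return nets


def attribute(ip_text, table):
    """Return the owning organization for one IP, or None if unknown or malformed."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return None
    for net, org in table:
        if ip in net:          # first hit is the longest prefix because of the sort
            return org
    return None


def bucket_victims(ips, allocations):
    """Group victim IPs by notification recipient; unattributable ones go under None."""
    table = build_table(allocations)
    buckets = defaultdict(list)
    for ip_text in ips:
        buckets[attribute(ip_text, table)].append(ip_text)
    return dict(buckets)


if __name__ == "__main__":
    for org, ips in bucket_victims(VICTIM_IPS, ALLOCATIONS).items():
        label = org or "UNRESOLVED (manual follow-up)"
        print(f"{label}: {len(ips)} host(s) -> {ips}")
```

In practice the allocation table would come from registry data (RIR WHOIS or BGP prefix-to-ASN feeds) rather than a hand-written dictionary, and the unresolved bucket is where the "tedious" effort lands: dynamic addresses, stale registry records, and log noise all end up there and need a person to sort them out.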
Botnets are created by hackers and malware writers, who infect computers with viruses and Trojans that let them remotely control the machines. They amass thousands or hundreds of thousands of zombie computers, from which they launch massive waves of spam, malware, and denial-of-service attacks. In recent months, botnets have been increasing in number and size. Owners of zombie machines generally aren't aware that their computers are infected and controlled by someone else.
Because botnets are widely distributed, the FBI considers them a growing threat to national security, the national information infrastructure, and the economy, according to an agency advisory issued last week.
CYBER EMERGENCY
In the Brewer case, prosecutors charged that he used a 10,000-strong botnet to scan the Internet for unprotected computers that could be added to his zombie army. The botnet included computers in the Cook County Bureau of Health Services, which operates health care centers throughout the Chicago area. According to the indictment, some of the infected computers belonged to the nuclear medicine department and oncology-radiation therapy department at John H. Stroger Hospital and the pharmacy department at Oak Forest Hospital.
Because of the botnet infection, the hospitals' computers would repeatedly freeze or crash, causing "significant delays in the provision of medical services" and access to data needed by health care workers. The hospitals spent more than 1,000 hours trying to fix the systems.
In recent months, rival online gangs have even begun a virtual turf war for bragging rights to the largest botnets, sending out waves of malware aimed at stealing zombie computers from rival gangs to build up their own army.
The FBI wants to raise public awareness that people and companies need to secure their computers against botnets. Says Henry, "We have to maintain personal responsibility over our computers."