FBI: 1 Million US Computers Have Been Taken Over By Botnets

The FBI tells us that they’ve found 1 million US computers that have been compromised and are being controlled and used for evil.

These networks are called botnets, and according to the FBI, botnetted computers can be used to:
• Steal the computer owner’s identity;
• Launch massive spam campaigns;
• Engage in click-fraud schemes which artificially inflate the number of visitors to a website; and
• Launch denial of service attacks that can cripple web servers and crash sites.

Fun! Sadly there’s not an easy way to know if your computer is being controlled by a botnet. There are signs, however.

If you have mail in your outbox that you don’t remember sending, or, if your email address is getting undelivered spam bounced back to it, you might be part of a botnet.

What to do if you think you’ve been botnetted:

• Don’t call and pester the FBI about it. They do catch botherders such as Mr. James C. Brewer of Arlington, Texas, who is accused of infecting tens of thousands of computers worldwide, including some at Chicago-area hospitals, but they’re not about to give you tech support.

• File a complaint with the internet crime center.

Let’s hear some strategies for protecting your computer from botnets. What are your favorite tools? —MEGHANN MARCO

OPERATION: BOT ROAST [FBI]
Botnets and Hackers and Spam (Oh, My!) [FTC]
(Photo: frogmuseam2)

Comments


  1. Buran says:

    Don’t use Windows.

  2. ChrisC1234 says:

    Oh no… I’m always getting spam bounced back to my email address. I must be infected. But wait, I just remembered that I have a Mac which isn’t part of a botnet. Must be some fool that I know with Windows whose machine is compromised.

  3. Jaysyn was banned for: http://consumerist.com/5032912/the-subprime-meltdown-will-be-nothing-compared-to-the-prime-meltdown#c7042646 says:

    #1 best way to not get botted / rooted is to not use Windows. Any flavor Windows. I don’t care if you have Vista Super duper edition, it’s still insecure compared to Linux, BSD & OSX. If all you use your PC for is Internet, Email & Word Processing then you may want to consider getting off of Windows. There are plenty of free options out there that work just as good if not better than Windows for those functions. My personal choice is Ubuntu Linux. If not running Windows just isn’t an option, then for God sakes:

    a.) install virus protection (AVG, Anti-Vir & ClamWin are all free)

    b.) use a *hardware firewall*, software firewalls are a joke.

    c.) scan your PC with Spybot & HiJackThis occasionally.

    d.) do not use Internet Explorer for anything other than Windows Update. Use Firefox. Or Maxthon. Or Opera. Anything but IE.

    e.) Keep your operating system & software updated. I can’t stress this enough. If you haven’t updated Norton AV / Internet Security (not that I recommend Norton for anything) in 2 years, then it’s almost like not having any protection at all.

  4. Juliekins says:

    If you have mail in your outbox that you don’t remember sending…

    This is…not exactly how it works. Most of these things install their own mail engines and just crank out spam on their own. They never touch your mail client. Go to the command line and type “netstat -ano”. If your system is listening on port 25 and you aren’t running a mail server, there’s a good chance you’re infected. Maybe not a bot, but definitely something bad.

    Honestly, most of the botnetted systems I encounter on a day-to-day basis get infected because someone gets suckered into the “your friend sent you a postcard e-mail! Click here! http://www.pwnedmessageboardsoftware.com/obfuscatedmalwaredir/postcard.exe

    They run the postcard.exe, it installs a borked version of mIRC, joins a chat channel on undernet (usually) and proceeds to wait for commands. Botmasters can then give the system commands over IRC, install software (like keyloggers, spam engines, etc), launch DDoS attacks, whatever.

    The scary thing is that more and more bots are abandoning IRC in favor of P2P-style communication. They can encrypt their traffic, which makes them very, very difficult (if not impossible) to detect with many intrusion detection systems.

  5. Juliekins says:

    If you have mail in your outbox that you don’t remember sending…

    This is…not exactly how it works. Most of these things install their own mail engines and just crank out spam on their own. They never touch your mail client. Go to the command line and type “netstat -ano”. If your system is listening on port 25 and you aren’t running a mail server, there’s a good chance you’re infected. Maybe not a bot, but definitely something bad.

    Honestly, most of the botnetted systems I encounter on a day-to-day basis get infected because someone gets suckered into the “your friend sent you a postcard e-mail! Click here! http://www.pwnedmessageboardsoftware.com/obfuscatedmalwaredir/postcard.exe

    They run the postcard.exe, it installs a borked version of mIRC with an invisible system tray icon, joins a chat channel on undernet (usually) and proceeds to wait for commands. Botmasters can then give the system commands over IRC, install software (like keyloggers, spam engines, etc), launch DDoS attacks, whatever.

    The scary thing is that more and more bots are abandoning IRC in favor of P2P-style communication. They can encrypt their traffic, which makes them very, very difficult (if not impossible) to detect with many intrusion detection systems.
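The `netstat -ano` check Juliekins describes in the two comments above, turned into a small parser that flags the two symptoms the thread mentions: a listener on port 25 when no mail server is expected, and an established connection to an IRC port. This is an added example, not code from the post or any commenter; the netstat output is constructed and the port lists are assumptions.

```python
import re

# Constructed sample of Windows `netstat -ano` output; not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.10:1045      203.0.113.7:6667       ESTABLISHED     3120
  TCP    192.168.1.10:1046      198.51.100.20:80       ESTABLISHED     2208
  UDP    0.0.0.0:500            *:*                                    1452
"""

# Assumed watch lists: 25 is SMTP (a spam engine listening locally), 6667 is the
# usual IRC port (the command channel described in the comments). Extend as needed.
SUSPICIOUS_LISTEN_PORTS = {25}
SUSPICIOUS_REMOTE_PORTS = {6667}

# One netstat row: proto, local addr:port, foreign addr:port, optional state, PID.
# UDP rows have no State column, hence the optional group before the PID.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$"
)


def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, fport, state, pid = m.groups()
        rows.append({
            "proto": proto, "local_addr": laddr, "local_port": int(lport),
            "remote_addr": faddr, "remote_port": fport,
            "state": state or "", "pid": int(pid),
        })
    return rows


def find_suspicious(rows, listen_ports=SUSPICIOUS_LISTEN_PORTS,
                    remote_ports=SUSPICIOUS_REMOTE_PORTS):
    """Return (pid, reason) tuples for rows matching the thread's two symptoms."""
    findings = []
    for r in rows:
        if r["state"] == "LISTENING" and r["local_port"] in listen_ports:
            findings.append((r["pid"], f"listening on port {r['local_port']} (SMTP)"))
        if (r["state"] == "ESTABLISHED" and r["remote_port"].isdigit()
                and int(r["remote_port"]) in remote_ports):
            findings.append((r["pid"], f"connected to {r['remote_addr']}:{r['remote_port']} (IRC)"))
    return findings


if __name__ == "__main__":
    # Map each flagged PID to a process with: tasklist /FI "PID eq <pid>"
    for pid, reason in find_suspicious(parse_netstat(SAMPLE_NETSTAT)):
        print(f"PID {pid}: {reason}")
```

In the constructed sample, both findings point at the same PID, which is the pattern the comments describe: one implanted process that both relays spam and holds the IRC control channel.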

  6. mwdavis says:

    Jaysyn made good points above.

    From a fairly pragmatic/working with newbies point of view, there are a few good things:

    If you are running windows, set up a USER level (rather than administrator) account and use that account for routine use. Only become the administrator when you want to install software that you trust.

    Never open an email attachment. Period. Those of you who know file extensions can amend this rule, but it’s safer for beginners just to make it a total no-no.

    Don’t click on links in emails. Ditto as above.

    As noted above, keep antivirus software and OS software updated.

    NEVER let your computer or browser remember passwords for you.

    Any correspondence, financial data or personal data stored on your computer should be encrypted if it absolutely must be there. It will be happier on a USB drive or some other storage medium.

    Avoid MySpace.

  7. Juliekins says:

    Don’t enable services you don’t need. Running on Mac OS X or Linux (of any flavor) won’t help you if you enable services you don’t need and/or don’t know how to harden. I especially love super l337 Mac users that “need” to enable the root account. Every single botnetted Macintosh or Linux system I have ever encountered got that way because someone enabled an outdated, insecure protocol of some flavor (FTP, telnet, SSH prior to v1.99, rlogin, rsh, etc) and plenty of accounts with no passwords or crappy passwords. With protocols like FTP and telnet, the password goes across the wire in the clear, so it doesn’t matter how strong it is. Anybody with a packet sniffer and a little time can have it.

    When you enable remote login on a Mac, it listens for every flavor of SSH out there, including the cryptographically weak ones. It is trivial for bad guys to crack passwords for versions of OpenSSH prior to 1.99. Learn how to harden it or don’t use it.

  8. zentec says:

    As much as I love OS X, if you can’t switch to it, you need to make sure you take precautions. Use the ones others have outlined like never opening attachments in email.

    Do not use Outlook, Outlook Express or Internet Explorer. Quit downloading warez and pirated software. Quit hanging around free porn sites.

    Finally, plan on wiping your hard drive every six months and reinstalling your OS.

  9. Godz says:

    So if I have a corporate edition anti-virus, anti-spyware and root-kit scanner then I am perfectly safe right?

  10. shdwsclan says:

    NO way……haha….
    The key is botnet, i even have one….
    A bot is a preprogrammed robot that scans, and infects your computer to allow it control, basically, this is a true virus……

    It’s semi-simple to implement…..

    Since its custom made….its usually impervious to any attacks, especially if you keep on a small scale, like 1000 comps….then no-one hears about it..

    Yes, it can steal data, and stuff, but it’s usually used to take down forums and blogs that refuse to post your inflammatory messages.
    There are even tutorials on how to disable various anti-viruses and securities before transmission. The only true way to get rid of them is to reformat your computer. And that is not always true, cause if your comp has some sort of security chip, it can write-itself to that. And unlike website virus, bots scour the net, find a target and prep a deploy, so not even mac users and linux users are safe….

    SINCE YOU’RE PROBABLY A MAC USER AND DIDN’T READ MY ABOVE PARAGRAPH, I SAID MAC USERS ARE NOT SAFE.
    Also, archive and install is a joke….since your files are still there and if any exploits have been used, your bot will be back up again…

    continuing, oh, yeah…you can get caught if it calls home base, the easiest way is to use a nlu2 in a foreign country as a relay….so feds cant find you…

    Oh, yea, the way they find you is that they trap your bot inside a honeypot server which emulates a large network…..and then they trace the target, but if the target is…lets say inside a wall, hardwired into the network of a hotel in a foreign country, then they will never find it…..

    So basically, this is how it works….for example if…im on lunch and like to type rants and flame on a blog….that blog made some rules and now they banned me….
    This blog only bought 200gb per month for bandwidth….which is perfectly sufficient for normal usage.
    Now, if i were to attack this blog and have every bot in my net continuously reload that page, then those hits….might average about 12 gb per second….and in a few minutes/hours they would have spent their entire monthly allotment, successfully shutting them down, until they buy more bandwidth. Now they probably would do so, and the bots would return, and they would do this for a while…for a week or 2 and then their advertisers would shut out, and then would completely shut the site down, only realizing that they are $-500 in the hole from the attacks….

    Generally, it’s too hard to keep track of any files pertaining to user data, and who really cares about stealing some deadbeat’s identity, chances are they make only a third of your yearly salary, and have crappy credit….

    Now if it were a doctor, an md….then i probably would completely bankrupt them and drain the money into some foreign account…in lets say china….where fbi cant get to it, and then transfer it in small amounts to a eastern european bank, and then to an american eastern european bank….and then back here….or better yet…withdraw the money there in person and take it here in a fanny pack….completely untraceable…

  11. The Bigger Unit says:

    Predictably, the first three responses were Mac people.

  12. FLConsumer says:

    @Jaysyn: There’s just as many holes in all of the popular OSes anymore, not just Winblows. BUT, attacking Winblows systems is more productive, as there’s a much larger base of those systems out there. If you’re going to go through the effort, you might as well go for the largest target.

    Some other good advice in this thread, especially not using the root account and shutting off unnecessary services.

  13. Use a “hardware firewall” because a “software firewall” isn’t secure? Why does that sort of blanket statement sound like huge bullshit to me?

    My Norton Firewall has been running my PC fine for a number of years. 30 bucks a year for that plus Antivirus. And you get a year’s worth of constant updates.

  14. pestie says:

    @Jaysyn: I don’t think a hardware firewall helps that much when it comes to botnets. Most crapware arrives via e-mail or web sites and is installed by morons who click “yes” every time some dialog box pops up. A hardware firewall does nothing to protect against this kind of attack. They’re useful, sure, but not so much for preventing botnet infections. Host-based software firewalls, on the other hand, let you police outbound traffic on a per-application basis, which is exactly what you need to at least identify and stop botnet software from running on your machine (provided it’s not smart enough to circumvent your firewall, which is becoming increasingly common).

    @FLConsumer: You claim that there are “just as many holes in all of the popular OSes anymore, not just Winblows.” But that’s a gross oversimplification. The privilege separation inherent in other OS’s (Linux for sure, presumably OSX as well) means that a security hole in Firefox, being run entirely in a non-privileged environment, is capable of far less damage to the system than it would be in a Windows environment, where you’re constantly running with administrative privileges. Since the entire system is designed with this type of structure in mind, it’s far, far less likely that a malicious piece of code can compromise the system at the OS level. This also makes detection and removal of such software much easier.

    The argument that “attacking Winblows systems is more productive, as there’s a much larger base of those systems out there” is the only reason you don’t see more Linux malware, for example, doesn’t hold much water, either. Linux may be rare on the desktop, but it’s everywhere in the server world, and those servers are much higher-value targets than a bunch of desktop machines. But when servers get compromised in the wild, it’s usually just some small corner of the system, like a vulnerable web app, that gets compromised. The damage is less, it’s more contained, and it’s easier to clean up.

  15. Juliekins says:

    @pestie: It definitely takes more intervention to get a rootkit/bot on a Mac, but it definitely can be done. I’ve never seen a Mac get infected with as little user help as it takes to infect a Windows system.

    As far as hardware vs. software firewalls…the more appropriate way to talk about this would be network-based vs. host-based. They’re all software-based, whether they run on a stand-alone appliance or on your desktop computer. pestie is also right that a firewall of any flavor won’t prevent you from getting a bot installed on your system, although they might prevent them from phoning back to the mothership…that is if the user doesn’t just blindly click “Allow” to everything. Most of them will do that, rendering the firewall useless.

    Speaking of useless, the Windows firewall allows all traffic outbound by default, so if you want more protection it’s probably best to use a 3rd party firewall. Norton is…well, it’s Norton, and I’m happy for people who like it, but I don’t. Comodo Personal Firewall isn’t a bad little host-based firewall, and it’s free. Zone Alarm used to be the 800 pound gorilla of the free host-based firewall product, but it’s only a 15-day free trial now.

    Also, Mac users, you should enable your firewall. It isn’t enabled by default. Go to System Preferences–>Sharing–>Firewall and click “Start.” Go back to Services… is good and it’s free.

  16. Juliekins says:

    Holy comment truncation, Batman! Here’s what I was trying to say:

    Also, Mac users, you should enable your firewall. It isn’t enabled by default. Go to System Preferences–Sharing–Firewall and click “Start.” Go back to Services and make sure that EVERYTHING is unchecked unless you have a VERY, VERY good reason to have any of those services turned on. Oh, and you should be using an antivirus product. Yes, despite that smug douche in the ads, you really do need one–even if it’s to prevent accidentally forwarding something on to your Winblows-using buddies. ClamAV is good and it’s free.

  17. Jaysyn was banned for: http://consumerist.com/5032912/the-subprime-meltdown-will-be-nothing-compared-to-the-prime-meltdown#c7042646 says:

    @The Nature Boy:
    I’m not a Mac person. I use AutoCAD, Microstation & various GIS applications at work & home, none of which run on Mac (or Linux for the most part). Even if I was a Mac user I don’t see what that has to do with valid advice for keeping your system clean. I actually like BeOS the best anyhow. :D

    @FitJulie: You’ve got some great advice, the reason I mentioned the hardware/software firewall thing is it’s generally a lot harder to turn off a hardware firewall. I’ve seen quite a few people leave their Zone Alarm or Norton or whatever off cause they were tired of it constantly asking questions. I didn’t know ClamAV made software for Mac.

  18. Xkeeper says:

    Like someone said, “surprise, every Mac user must begin dickwaving immediately”. Okay we get it shut up or get out.

    In other news, easy four-step plan to never getting infected:

    – Don’t be a dumbass and open everything your 74-year-old grandparents send you. Just don’t.
    – Avoid going to websites that you’ve never heard of just because some friend says “hey check this out its cool”. Maybe throw it into Google, see what comes up.
    – Do not EVER click “Open” on files you download if you are NOT 100% POSITIVE that you can trust this file. Save it and throw it through a virus scan first.
    – Do not ever click “Yes, install” in random dialog boxes that come up.

    And, as sad as it is:

    – The little bouncing, flashing dialog error message box that comes up is NOT AN ACTUAL ERROR OR NOTICE. IT IS AN ADVERTISEMENT. FOR GOD’S SAKE, DON’T FUCKING CLICK IT.

    I have my own grandparents and their computer is remarkably fucked up thanks to the “oldnet” — the network of old people every old person knows on the internet that sends the same stupid tired jokes to every other person on the internet…

    On the other hand, this computer’s been hit with a virus a whopping total of once in the whole year I’ve had it, and that was just because I did something really stupid I should’ve known better about. That goes for the rest of my computers, too — until some other moron uses them (i.e. sister), they work great, spyware/adware/virus free as long as I use them.

  19. Buran says:

    @The Nature Boy: Where the fuck did you get that from my statement that using Windows in this day and age is not a good idea? Which is all that I said? I didn’t recommend anything other than not using Windows.

    And it’s perfectly sane advice no matter how much hiding-behind-net-anonymity jerks like you want to think it’s not.

  20. @Jaysyn: Most routers come with Firewalls built in these days which leads us to our next point… DO NOT USE De-Militarized Zoning!

  21. The little bouncing, flashing dialog error message box that comes up is NOT AN ACTUAL ERROR OR NOTICE. IT IS AN ADVERTISEMENT. FOR GOD’S SAKE, DON’T FUCKING CLICK IT.

    @Xkeeper: My god you have no idea how many people click that. And let’s not forget the “You’ve won a free [insert high-cost product here]” advertisements….

  22. aikoto says:

    @Jaysyn:

    Software firewalls are not a joke. They are the only thing that tells you when a program is trying to access the Internet that shouldn’t. You should always use both.

  23. dix99 says:

    And you purchased your PC, not Mac, as it was….cheap

    Well Windows saved you a bunch there, didn’t it..

  24. Mr. Gunn says:

    It’s not the OS, people. It’s the users.

  25. Buran says:

    @Mr. Gunn: Actually … while the users are largely to blame, so is the OS — you can do everything recommended to try to keep a Windows machine safe and it’s still full of security holes and you’ll still get hit. You can even wind up with an infected machine if all you do is install the OS and connect a network cable.