The Justice Department has charged or arrested three men in conjunction with the FBI’s Operation Bot Roast, a national investigation that uncovered more than one million IP addresses that have been co-opted into botnets.
The FBI today said it is working with the CERT Coordination Center at Carnegie Mellon University to notify the owners of the zombie computers.
The FBI has charged or arrested James C. Brewer, Arlington, Texas; Jason Michael Downey, Covington, Ky.; and Robert Alan Soloway, Seattle.
The FBI alleged that Brewer operated a botnet that infected Chicago area hospitals, and in turn tens of thousands of computers worldwide. The agency said Downey used botnets to generate a DDoS attack, and alleged that Soloway used a large botnet to spam tens of millions of unsolicited email messages advertising his website.
Soloway, 27, was indicted last month on 35 counts of fraud, identity theft and money laundering in U.S. District Court in Seattle. He faces up to 65 years in prison.
Ron O'Brien, a senior security analyst at Sophos, isn't sure these arrests — and Brooklyn resident Adam Vitale's guilty plea to violating the CAN-SPAM Act by sending out 1.2 million spam emails — really address the spam problem.
"It's like taking one guy off the corner selling drugs — there's just someone on the next corner," he said.
Bot herders are taking advantage of the fact that "there's a large number of computers not running anti-virus software (that is) not up to date," O'Brien said.
"The FBI is clearly concerned about the number of computers in the United States that are being operated remotely without the knowledge of the computers' owners. How the FBI proposes to notify [infected users] that their computer is compromised is not clear," O'Brien said. "What is clear is that this is an opportunity for computer owners to take a moment to run a scan of their computer to determine whether malware is present."
The FBI said it will continue to "aggressively investigate" cybercriminal attacks.
James Finch, FBI assistant director for the Cyber Division, said Tuesday in a statement that end-users should employ safe computing practices to avoid having their PCs infected.
"The majority of victims are not even aware that their computer has been compromised or their personal information exploited," he said. "An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer habits to reduce the risk that your computer will be compromised."