Creator of Botnet Caught — Pleads Guilty

I have written numerous posts on botnets. You can read More on Botnets — The Most Rapidly Evolving Computer Threat, or Botnets–One of the Most Serious Computer Threats on the Internet. So I won’t go into what botnets are once again. I wanted to share some recent news, though, which highlights the economic motives of these botnets, and brings home just how vulnerable everyone’s computer is.

Christopher Maxwell, a 20-year-old Vacaville, CA, resident, pleaded guilty in federal district court in Seattle on Thursday, May 4, 2006, to having created a network of bots using more than 13,000 commandeered computers, otherwise known as zombies.

Maxwell used the bot network to install adware on compromised computers, reaping commissions of approximately $100,000 for himself and his co-conspirators. In order to run the bot network, Maxwell illegally commandeered high-powered computers from California State University at Northridge, the University of Michigan and the University of California at Los Angeles.

Of course, by some standards, Maxwell has been underpaid, although in fairness his bot network is relatively small. According to a story in the Washington Post, in November 2005, FBI agents arrested a 20-year-old from Southern California for installing adware on a botnet of more than 400,000 hacked computers. Jeanson James Ancheta’s victims included computers at the Naval Air Warfare Center and machines at the Defense Information Systems Agency. He pleaded guilty to the charges in January 2006.

The distribution of online advertisements via spyware and adware has become a $2 billion industry, according to security software maker Webroot Software Inc. And as the industry has boomed, so have the botnets.

Frightening, isn’t it? First, that so many computers were taken over without their owners suspecting. Second, that the economic return was so high for such a short period of time. And third, that the computers taken over aren’t just mom and pop sitting home surfing the net. Oh, and I just have to mention that we, as a society, really have to work on getting jobs for these kids graduating from high school and college, because the siren’s call of earning so much money for doing just a few hours work on the computer each day is very strong. Read on. . .

The sole purpose of a botnet isn’t just to commandeer a bunch of computers for installation of adware. If only that were the case. Computer forensic experts have discovered that many bot programs also contain more than 30 other features, including the ability to capture all of the victim’s Web traffic and keystrokes, as well as a program that looks for PayPal user names and passwords. Other programs installed by the bot even allow the attackers to peek through a user’s webcam. Excuse me while I aim the webcam away from the bed . . . God knows what it will show my dogs doing! 🙂

Some of the computers affected by Maxwell’s efforts included those at Northwest Hospital in Seattle. As the bot network scanned the hospital computers to load adware, network traffic increased to such an extent that it interrupted communications of the hospital’s surgical team, diagnostic imaging services and laboratory services.

The cost to the hospital to address the botnet problem was initially pegged at almost $150,000. And likely it was the disruption at the hospital which led to the investigation which caught Maxwell.

There is no mention in the article in CNet News as to whether Maxwell’s co-conspirators have been identified. But it does mention that sentencing will be on August 4th. You can be sure I will report back.

What should you be doing to protect yourself?

Again, refer back to the posts referenced above, as well as many I have written here and there regarding fighting Trojans, worms, viruses etc. All come down to the same steps:

1) Be smart! Do not open emails when there is no subject, and a sender name you don’t recognize. Do not open emails when the subject line contains gibberish or typos but the sender appears to be a respected institution like your bank, the IRS or some other government agency, or a credit card company. Never open attachments which you are not expecting or which are not clearly explained within the body of the email. Wait at least 24 – 48 hours if you are suspicious but your curiosity is getting the better of you. That way your virus protection definitions will have been updated to deal with something you may unleash. (They usually lag a full day behind the unleashing of something nasty.)

2) Do not visit questionable or disreputable web sites. You can become infected just by visiting.

3) Do not install free games, emoticons, smiley faces, videos, or any other freeware. They often come bundled with spyware.

4) Always read the End User License Agreement (EULA) before clicking “I Agree.” I know, it’s like having root canal without Novocain, but you have no idea what can be hidden in there.

I recently read about a free software utility on the highly respected American Bar Association listserv LawTECH. I went to the web site, and just as I was about to click on “I Agree” — because of course those who recommended it were smarter than me — I thought, NO, let me follow my own advice.

Sure enough, buried about 3/4 of the way down in the fine print of the EULA, was a paragraph that stated that my agreement to install the software granted the developer the right to use some of my internet bandwidth on an on-going basis. Oops! I don’t think so. There will be no ET PHONE HOME going on with my computer, thank you very much!

5) Stay out of chat rooms. You will be infected, or at least have your email address harvested for spam, within the first twenty to thirty seconds of joining in.

6) Keep your anti-virus and anti-spyware updated. Be sure that the newest definition sets are automatically downloaded and installed each night. Periodically check to see when they were last updated, because some Trojans turn off the automatic updating feature and you don’t even know it.

When botnet builders are arrested and interviewed, they say that the majority of computer users are so stupid they deserve what they get, and point to the fact that they don’t do something as basic as keeping their anti-virus and anti-spyware up to date.

7) Promptly install all operating system security patches, and program security patches. If you don’t know how, then have your PC support vendor set your operating system to download and install them automatically.

[Note that this coming Tuesday Microsoft will be releasing an extra critical security release for XP, as well as several other of its programs.]

8) Always use passwords on your computer. DO NOT create a note in Outlook labeled “passwords” and put them all there. Do not put it on a sticky note and leave it on your monitor. Do not use the name of a child or pet.

Pick a phrase which is meaningful instead, as it’s harder to crack, especially if it includes upper and lower case, and numbers or special characters. As an example, suppose you are assigned parking space 123 at work. A password of Park123 is darned good, and memorable. If you drive 20 miles to work, a password of Drive20 would be a good password. Even better would be Drive20*. That special character will make your password much more resistant to cracking.
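To put numbers behind the advice above, here is a small Python script (an added example, not code from the original post) that works out how much wider the brute-force search space becomes each time a password adds a character class. The sample passwords are the post’s own examples (park123, Park123, Drive20, Drive20*), and the 1e9 guesses-per-second rate is an assumed figure used only to turn bits into a rough time. The model is a pure brute-force attacker; it does not account for dictionary-based guessing, which is a separate risk for passwords built from common words.

```python
import math
import string

# Character classes a brute-force attacker must include in the search
# space once a password is known to draw from them.
CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26 characters
    "upper": set(string.ascii_uppercase),   # 26 characters
    "digit": set(string.digits),            # 10 characters
    "special": set(string.punctuation),     # 32 characters
}


def classes_used(password: str) -> list:
    """Return the names of the character classes present in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def keyspace_bits(password: str) -> float:
    """Bits of brute-force search space: log2(alphabet_size ** length).

    The alphabet is the union of every class the password actually uses,
    so adding one special character to an 8-character password raises the
    per-character alphabet from 62 to 94 symbols.
    """
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(alphabet)


def brute_force_seconds(password: str, guesses_per_second: float = 1e9) -> float:
    """Expected seconds to hit the password by exhaustive search.

    On average an attacker covers half the keyspace before succeeding; the
    guess rate is an assumed figure, not a measurement of any real tool.
    """
    return 2 ** keyspace_bits(password) / 2 / guesses_per_second


def compare(passwords):
    """Tabulate each password with its classes and search-space bits."""
    return [(p, classes_used(p), round(keyspace_bits(p), 1)) for p in passwords]


if __name__ == "__main__":
    # Constructed sample set taken from the post's own examples.
    samples = ["park123", "Park123", "Drive20", "Drive20*"]
    for pw, classes, bits in compare(samples):
        secs = brute_force_seconds(pw)
        print(f"{pw:10} {'+'.join(classes):28} {bits:5.1f} bits  "
              f"~{secs:,.0f} s at 1e9 guesses/s")
```

Running it shows Park123 and Drive20 landing in the same place (seven characters over a 62-symbol alphabet), while Drive20* gains both an extra character and the 32 punctuation symbols, which is why the post’s single special character buys roughly ten extra bits of search space.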

9) When you visit a legitimate site, be very alert for false pop-up log-in screens designed to illegally capture your confidential information and password.

10) Do not allow Internet Explorer to save your passwords, account numbers, or credit card numbers in order to save you time logging in the next time you visit a secure site. Should your computer be successfully hacked, these will all be harvested and you may find yourself a victim of identity theft in short order.
