BBC News
Last Updated: Wednesday, 22 February 2006, 10:10 GMT
Zombie PCs growing quickly online
By Mark Ward
Technology Correspondent, BBC News website

Some zombie computers were found at a US naval base
Indictments and court cases in the US have once again thrown the spotlight on so-called zombie computers or bots.

In mid-February Californian Christopher Maxwell was charged with creating a network of remotely controlled computers or bots which was put to several uses.

The US alleges that Mr Maxwell and two accomplices netted $100,000 by bombarding the owners of compromised computers with pop-up adverts.

The US Department of Justice alleges that the network of bots was also used to shut down computer systems at Seattle's Northwest Hospital in January 2005.

In a separate case, in late January Jeanson James Ancheta pleaded guilty to charges that he set up and controlled tens of thousands of zombie computers that were used to send spam, attack websites and pepper users with pop-up adverts.

Mr Ancheta made more than $61,000 by renting out the bots and by using them to serve up adverts. Mr Ancheta is facing up to six years in jail and must pay the US government restitution.

Body count

Statistics gathered by security firm Ciphertrust reveal just how bad the problem of botnets is getting.

"Every day we are detecting more than 250,000 connecting to the internet and sending mail," said Paul Judge, chief technology officer at Ciphertrust.

"That's unique machines that have never done it before," he said. "It's a distribution platform that is becoming more popular for attackers."

Mr Judge said the count of new bots had hit 250,000 every day in November 2005 and had stayed at that level ever since.

Phishing gangs and spammers use zombie computers
Machines that are part of botnets can be hard to spot, said Mr Judge, as some only send a few messages per hour. With tens of thousands of machines in a botnet, that sending rate still adds up to a lot of e-mail.

As numbers have climbed, those behind the botnets have started to specialise, said Mr Judge.

Some people simply create the networks while others hire them out. Others write the spam they are used to send and some administer networks when they are being used to distribute spam, phishing e-mails or messages infected with viruses.

Some of them run the net domains associated with spam, phishing or ID theft rings that act as drops for any information being fed back.

Christopher Boyd, security research manager for Facetime Security Labs, said the hiring out of botnets could be a risky business.

He said many people who rent botnets do so only to try to compromise the network and take control away from its administrator.

Regularly, he said, wars were waged online as botnet controllers try to grab more machines for themselves. Machines that are part of one botnet become a target for others because they are demonstrably vulnerable to being taken over, he said.

There were instances of botnet controllers patching up PCs to stop others trying to take the machines over by the same vulnerability.

Malicious message

Most zombies are recruited by viruses and trojans. Some of these backdoors into computers are installed if users visit the wrong website in so-called drive-by downloads but many are e-mailed and rely on naive users opening infected attachments.

Windows machines are popular with bot herders
Guillaume Lovet, threat response team leader at security firm Fortinet, said statistics on the most prevalent viruses of 2005 showed how many were created to recruit bots.

In the first six months of 2005, said Mr Lovet, the most active Windows viruses were those that scoured the net for vulnerable machines to recruit into botnets. The MyTob worm first appeared in February 2005 and many variants of it have been created since.

These worms proved hugely successful, he said, and prompted a change of tack by the hi-tech criminals.

"Once established, those with the botnets go from the building phase to the exploitation phase and start to use them to generate profit."

Botnets were used as hosts for pornographic or illegal material, launch pads for spam and phishing mail messages and some are used to knock websites offline unless a ransom is paid.

Mr Lovet said there was evidence that a lot of companies hit by botnet attacks that bombard them with data pay the ransom because it costs so much more to be off the net.

"They do not want to disclose that they paid because it's not good for business," he said.



