RealTime IT News

U.S. Clamps Down on Suspected Botnet Operator

A federal grand jury has charged Leni de Abreu Neto for his alleged involvement in a ring responsible for maintaining, leasing and selling a botnet, a network of hijacked computers often used to send spam.

According to the indictment, Neto, who is originally from Brazil, used a botnet consisting of more than 100,000 computers worldwide. The indictment, which was returned by a jury in New Orleans, said Nordin Nasiri, a resident of the Netherlands, created the botnet. It also alleges that between May and July, Neto agreed to help Nasiri sell the network and its source code to an unspecified third party for 25,000 Euros -- about $40,000.

The United States government is seeking to extradite Neto from the Netherlands, where he's currently being held with Nasiri for their role in the botnet. However, the U.S. Department of Justice (DoJ), which is leading the efforts against Neto, has not sought to indict Nasiri.

DoJ spokespeople declined to say how the United States got involved in the case, or why Nasiri is not being charged.

"Nasiri is being prosecuted by the Dutch, and all I can say about the extradition proceedings is that they're under way," DoJ spokesperson Laura Sweeney told InternetNews.com. Neither Neto nor his attorney could be reached by press time.

A botnet is created when someone hacks into and seizes control of computers, which are then called zombies, while the people who manage and control botnets are called bot herders. Botnets have proven both huge and difficult to track, and reports claim that every day, millions of zombies are used to send spam.

The indictment alleges that more than 100,000 computers worldwide were damaged and turned into zombies by Neto's activities. If the U.S. succeeds in its extradition attempt and Neto is convicted, he faces a maximum penalty of five years in prison and up to three years of supervised release.

Neto would also face whichever of the following penalties is largest: a $250,000 fine, the gross amount of any financial gain he made, or the gross amount of any financial loss suffered by the victims.

Of bot herders and Bot Roasts

The United States government is particularly concerned about botnets because they involve so many computers worldwide that they threaten national security.

The FBI has an ongoing cybercrime initiative called Operation Bot Roast, designed purely to combat botnets. The effort has uncovered more than $20 million in economic losses and identified more than one million victimized PCs.

In June of 2007, Operation Bot Roast netted three bot herders. Five months later, the FBI announced that it had charged eight more in connection with what it called Operation Bot Roast II.

Despite the successes, botnets continue to proliferate. Dealing with them is "a complex problem because often they're spread across multiple regions," Craig Schmugar, a threat researcher at antivirus vendor McAfee, told InternetNews.com. Botnets use multiple routes over the Internet and often rely on layered attacks, in which malicious code from one Web site leads the victim to a second, then sometimes a third site -- each downloading a different set of commands.

So, why can't governments shut down botnets and arrest bot-herders? Because "the sheer number of them is huge," Schmugar said.

The Storm botnet had been the biggest of them all throughout 2007 as well as most of the current year, Dmitri Alperovitch, director of intelligence analysis at enterprise security vendor Secure Computing, told InternetNews.com.

That botnet, first identified in January 2007, grew to anywhere from 160,000 to 50 million infected computers, according to estimates. However, Storm was ultimately overtaken by the Srizbi botnet, although Storm is beginning to regain some lost ground, Alperovitch said.

Not only are there lots of botnets, they're battling each other for dominance and bragging rights. "There's a daily competition between botnets about which is the biggest," he added.

Botnets grow through spam e-mails that lure victims into clicking on links or visiting Web sites that download malware. Their messages often entice clicks by touting nude celebrity photographs or information on news events like the Beijing Olympics. Two days after Australian actor Heath Ledger died earlier this year, for example, spam e-mails appeared with links promising to reveal the real reason behind his death, according to reports.

Such ploys are called social engineering. In addition to vying for dominance in scale, Secure Computing's Alperovitch said that botnets "compete for the most innovative social engineering methods."

Storm grew using the Storm Worm, a Trojan horse spread through e-mails carrying a tainted link to news about a deadly storm, while Srizbi relied on spam e-mails masquerading as CNN news updates or promising nude pictures of actress Angelina Jolie.

Law enforcement finds botnets troubling because they are often used by criminals. The FBI considers the Storm botnet a major risk to increased bank fraud, identity theft and other cybercrimes. Another botnet, Zbot, is controlled by Russian crime groups that are reported to have stolen millions of dollars from banks in four countries using the botnet.

It's because botnets are so lucrative that they're civilizing gangsters -- in a sense. "We've seen traditional violent criminal gangs get involved in cybercrime because so much money can be made," Alperovitch said. "It's better than engaging in violence."