Cops Hunting Monster-Botnet Builders

The FBI and British law enforcement authorities are trying to hunt down hackers responsible for the largest botnet (robot network) ever known to the IT world, according to a California-based Internet security company.

Finjan's Chief Technology Officer has told the Financial Times that six people based in Ukraine are suspected of compromising 1.9 million computers worldwide in just two months — many of them in the U.S.

"With this many computers affected, everyone was there on the list – the U.S. Federal government, big universities, very large public companies," the Chief Technology Officer Yuval Ben-Itzhak told the FT.

London's Metropolitan Police department confirmed to CBS News on Wednesday that their e-crime unit was investigating a botnet created by Ukrainian hackers. The Met would not say what other agencies they are working with, but they do often work with other agencies on cases involving international cyber-crime, including the FBI.

CBSNews.com partner CNET reported Tuesday that Ophir Shalitin, Finjan's marketing director, said in an interview on the eve of the RSA security conference that the gang had compromised computers in 77 government-owned domains in the U.S. and elsewhere.

According to Finjan, nearly half of the infected computers were in the United States and almost 80 percent of the infected computers were running Internet Explorer, while 15 percent were using the Firefox Web browser, reports CNET's Elinor Mills.

However, Rupert Goodwins, editor of CBSNews.com's sister site ZDNet.com, says Finjan has offered no hard evidence to back up their claim of discovering the world's largest-ever botnet.

"There's nothing we can corroborate this with," says Goodwins. Usually a botnet has a name and easily identifiable code which is rapidly circulated among the Internet security community.

"Our major concerns with the story are that it's not verifiable, that key facts are missing — most importantly: who is still vulnerable and what can they do about it," says Goodwins.

"Finjan has got things wrong in the past," warns Goodwins, but adds that a botnet of the magnitude reportedly discovered by the security company is, "certainly plausible, and I tend towards believing it."

Goodwins points to the recent threat from the Conficker worm as an example of an easily identifiable — and verifiable — botnet.

Finjan reportedly discovered the malicious network in February by allowing some of their machines to become infected with the Trojan virus used by the hackers, and then tracing the source back to a server in Ukraine. Finjan told ZDNet security reporter Tom Espiner the hackers were exploiting vulnerabilities in Internet Explorer and Firefox Web browsers.

The server driving the botnet has been shut down, but Finjan's technology chief Yuval Ben-Itzhak told the FT it could easily be re-launched by the six suspects if they are not apprehended.

According to Finjan, a botnet of this size could easily have used its collective spamming power to shut down almost any Web site it targeted.

From ZDNet, here is the definition of a botnet:

Also called a "zombie army," a botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack. The computer is compromised via a Trojan that often works by opening an Internet Relay Chat (IRC) channel that waits for commands from the person in control of the botnet.
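The definition above describes the classic control channel: infected machines open an IRC connection to a server and wait for commands. A defender can look for exactly that pattern in network logs, many internal hosts all connecting to the same external address on IRC ports. The following is an added example, not code from the article, from Finjan, or from ZDNet; it runs over a few constructed flow records and assumes an internal range of 10.0.0.0/8 and the standard IRC ports, both of which would be tuned to a real environment.

```python
"""Spot possible IRC-based botnet control traffic in flow logs.

Added example: the sample records below are constructed, and the internal
network and IRC port list are assumptions for illustration.
"""
import ipaddress
from collections import defaultdict

# Assumption: the organisation's internal address space.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Assumption: commonly used IRC service ports (plain and TLS).
IRC_PORTS = {6667, 6668, 6669, 6697}

# Constructed firewall/NetFlow-style records: timestamp, src, dst, dport.
SAMPLE_LOG = """\
2009-02-10T10:00:01 10.1.2.15 203.0.113.9 6667
2009-02-10T10:00:05 10.1.2.22 203.0.113.9 6667
2009-02-10T10:00:07 10.1.3.40 203.0.113.9 6667
2009-02-10T10:00:09 10.1.2.15 198.51.100.7 443
2009-02-10T10:00:12 10.1.4.8 203.0.113.9 6697
2009-02-10T10:00:15 10.1.2.22 198.51.100.20 80
2009-02-10T10:00:18 10.1.5.3 192.0.2.44 6667
"""


def parse_flows(text):
    """Parse whitespace-separated records into (ts, src, dst, port) tuples."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, src, dst, port = parts
        flows.append((ts, src, dst, int(port)))
    return flows


def irc_fanin(flows):
    """Map each external IRC-port destination to the internal hosts talking to it."""
    fanin = defaultdict(set)
    for _ts, src, dst, port in flows:
        src_ip = ipaddress.ip_address(src)
        dst_ip = ipaddress.ip_address(dst)
        if port in IRC_PORTS and src_ip in INTERNAL_NET and dst_ip not in INTERNAL_NET:
            fanin[dst].add(src)
    return fanin


def suspected_controllers(flows, min_hosts=3):
    """Return external hosts that at least min_hosts internal machines reach on IRC ports.

    A single user on IRC is normal; a fan-in of many unrelated internal hosts to
    one outside server on an IRC port is the shape of a command channel.
    """
    fanin = irc_fanin(flows)
    return sorted(
        (dst, sorted(srcs)) for dst, srcs in fanin.items() if len(srcs) >= min_hosts
    )


def infected_hosts(flows, min_hosts=3):
    """Internal hosts that talked to any suspected controller, for triage."""
    hosts = set()
    for _dst, srcs in suspected_controllers(flows, min_hosts):
        hosts.update(srcs)
    return sorted(hosts)


if __name__ == "__main__":
    records = parse_flows(SAMPLE_LOG)
    for dst, srcs in suspected_controllers(records):
        print(f"possible controller {dst}: {len(srcs)} internal hosts {srcs}")
    print("hosts to triage:", infected_hosts(records))
```

The threshold is the important knob: with `min_hosts=3` the single connection to 192.0.2.44 is ignored while 203.0.113.9, reached by four internal machines, is flagged. In practice the check would be run over a longer window and combined with the other signals in the story, such as the browser exploit kit that delivered the Trojan, since modern botnets increasingly use HTTP rather than IRC for control.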
  • Tucker Reals

    Tucker Reals is the CBSNews.com foreign editor, based at the CBS News London bureau.
