The three men are said to have taken remote
control of zombie computers.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have welcomed
the news that authorities in the Netherlands have arrested three
men suspected of running a zombie network of more than 100,000
computers.
The men, aged 19, 22 and 27, are accused of computer hacking,
installing adware and spyware and using innocent people's
compromised computers without their permission. Police confiscated
computers, cash and a sports car during a search of the suspects'
homes.
Prosecutors claim that the men ran a zombie network of 100,000
infected computers, one of the largest ever detected, which
included computers around the world. Such zombie networks, also
known as botnets, are often used to launch distributed denial of
service attacks (DDOS) or to launch spam campaigns.
The suspects are alleged to have used the W32/Codbot worm (also
known as Toxbot) to take remote control of the PCs of innocent
computer users. A number of new versions of the Codbot worm have
appeared since the start of 2005, as its authors changed its
appearance in an attempt to avoid detection by anti-virus software.
Some versions of the Codbot worm captured keypresses, in an attempt
to commit identity fraud by stealing bank account information and
credit card numbers.
Dutch authorities are investigating claims that the gang
attempted to blackmail a North American organization. It is not
unusual for criminal gangs to use zombie networks to extort money
from online companies, forcing them to pay to prevent a DDOS attack
against their websites.
"Zombie botnets are becoming an increasing security problem as
they pump out spam campaigns, steal information, or launch attacks
against corporate networks," said Graham Cluley, senior
technology consultant for Sophos. "The Dutch authorities should be
applauded for investigating this case, but with many other internet
criminals in operation these arrests are unlikely to make a
dramatic impact on the safety of the internet."
In August, an American teenager was sentenced to five years' juvenile
detention for launching DDOS attacks against online sportswear
retailers.
Zombie computers - are your PCs under someone else's control?
Zombie computers can be used by criminal hackers to launch
distributed denial-of-service attacks, spread spam messages or to
steal confidential information. SophosLabs estimates that more than
60 percent of all spam today originates from zombie computers. In
May, the Sober-Q Trojan horse and Sober-N worm worked in tandem to infect
and hijack computers around the world, programming them to spew out
German nationalistic spam during an election.
As spammers become more aggressive, collaborating with virus
writers to create armies of zombie computers, legitimate
organizations with hijacked computers are being identified as a
source of spam. This not only harms the organization's reputation,
but can also cause the company's email to be blocked by others.
Sophos ZombieAlert™
advises service subscribers when any computer on their network is
found to have sent spam to Sophos's extensive global network of
spam traps, and provides rapid notification to customers if their
Internet Protocol (IP) addresses are listed in public Domain Name
Server Block Lists (DNSBL). This information helps customers
locate, disinfect, and protect these systems from future
attacks.
Sophos continues to recommend that computer users ensure their
anti-virus software is up-to-date, and that companies protect
themselves with a consolidated solution
which can defend them from the threats of spyware, spam and
viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.