September 12, 2007: A zombie's best friend turns out to be Microsoft and ISPs
(Internet Service Providers). It
works like this. Three months ago, the American FBI announced that Operation
Bot Roast had identified over a million compromised PCs, in scores of botnets.
The FBI tried to get in touch with as many of these computer users as possible,
and direct them to organizations and companies that can help them clean the
zombie software out of their computers. Help can be had for free, although many
of the compromised PCs were found to be clogged with all manner of malware
(illegal software hidden on your machine to feed you ads or simply track what
you do). But most of these PC owners could not be reached, or otherwise were
unable to fix their computer.

Most owners of zombified computers didn't even realize their PCs had been
taken over. Some, with heavily infected machines, do notice
that the malware slows down the PC. There have been cases where the user just
went out and bought a new computer. Usually, reformatting the hard drive and
reinstalling your software works, and is a lot cheaper. But most computer users
today don't know how to reformat a hard drive, or even get someone to do it for
them.

The problem was that Operation Bot Roast only collected the IP (Internet
Protocol) addresses of the
compromised PCs. The IP address is the "mailing address" every PC must have
when it is connected to the Internet. These addresses are distributed to ISPs,
who assign them to PCs that they connect to the Internet (and collect a monthly
fee for that service). Anyone can go to a site like http://www.ip-adress.com/
to find out which ISP controls which IP address.

The FBI began contacting the ISPs, asking them to contact, preferably by
mail, the customers who were using the infected IP addresses at the time the
FBI discovered each address to be operating from a zombie PC. Most ISPs
cooperated, or tried to, but many did not, especially those outside the
United States. ISPs prefer to live with the zombies, rather than incur the
added expense, and liability, of trying to get their customers' PCs cleaned up.

The FBI also pursued another solution. Nearly all the zombies are running
the Windows operating system. The
FBI is after Microsoft to do more about getting zombie software off PCs using
Windows. This is a lot more difficult to do than the FBI, at least the senior
guys at the FBI, realize. The main problem is that most PC users cannot handle
bot removal on their own. Automated tools are difficult to create because there
are so many different flavors of bot, and many now have anti-removal
capabilities. Microsoft does not want to release more powerful automated
bot-removal tools that will possibly trigger a flood of customer calls about
screwed-up PCs. That's because, too often, a new bot will win in a battle with
a Microsoft bot-removal program.

So while it's great that the FBI is identifying infected PCs, getting those
computers cleaned up is turning
out to be a much more difficult chore. The Bot Roast project also made the FBI
more aware of who was creating most of those bots. The key culprits are some
brazen Russian programmers, who openly sell easy-to-use software for infecting
PCs with zombies. The zombie creation software costs about $500, and IP
addresses of machines to attempt to infect go for $100 per million addresses.
Laws against that sort of thing are lax, or non-existent, in Russia. So now the
State Department has been enlisted to help persuade the Russians to crack down
on the cyber criminals they inadvertently shelter.