Thursday, July 08, 2004

Scotland Yard and Botnets

Scotland Yard and the case of the rent-a-zombies

URL: http://zdnet.com.com/2100-1105-5260154.html

Vast networks of home computers are being rented out without their owners' knowledge to spammers, fraudsters and digital saboteurs, security experts said on Wednesday.

The terminals have been infected by a computer virus, turning them into "zombies"--slaves to the commands of a malicious and unseen controller. Connect them all up, and the result is a powerful network of zombie PCs that security experts call a "botnet."

The programming crooks--often teenage bedroom hackers--are hiring out these networks to anyone who wants to commit Internet mischief.

"Small groups of young people creating a resource out of a 10,000- to 30,000-strong computer network are renting them out to anybody who has the money," a source in Scotland Yard's computer crime unit told Reuters.

There may be millions of such PCs around the world doing the bidding of crime gangs, experts say, and they can be rented for as little as $100 per hour.

By marshaling the muscle of a few thousand computers, a spammer can send a burst of e-mail messages to sell all manner of products in the name of unsuspecting computer users.

Fraudsters known as "phishers" use the networks both to send deceiving messages and host authentic-looking bank Web sites designed to steal financial details, authorities said.

A more sinister use of botnets is sabotage, police say. A fear is growing that a botnet could be used to take down a major data network or prominent Web sites.

"You're talking about serious firepower," the source said.

'Hitmen' PCs

Botnets have grown in number and ferocity since last summer, when a volley of digital contagions first hit the Internet, seeking to put unsuspecting home PCs under the command of a single programmer.

The hackers' task has been made easier by the growth in the number of homes connected to broadband--an essential prerequisite for a zombie.

A few months after these viruses first appeared, security experts and police noticed online discussion areas where blocs of virus-infected computers were on offer for those in the market for an army of "hitmen" terminals.

The commandeered machines were first rented out to spammers.

"The preferred method of spamming is now via botnets, and there's a lot of money to be made in hiring them out," said Mark Sunner, chief technology officer at security company MessageLabs.

Lately, botnets have been aimed at crippling Web sites. The ammunition in this case can be bought for a few thousand dollars, experts and investigators say.

"It's denial-of-service for hire," Steve Linford, founder of antispam organization Spamhaus Project, said in reference to a type of digital attack capable of crippling a company's network.

"If you want to take out a big site, you can rent a Russian botnet. When it is aimed at your computer there's nothing you can do," Linford said.

Police in Western Europe have had some luck dismantling a few networks and have made some arrests. But the racket runs deep, investigators say, extending from the United States to Western Europe and perhaps to Eastern European crime syndicates.

The list of botnet victims grows weekly. It includes a host of gambling Web sites and WorldPay, the online payment processing service owned by the Royal Bank of Scotland.

The investigative trail so far has led to computer-savvy teens looking to sell time on their army of commandeered PCs to spammers and fraudsters at the highest bid. Further up the chain, the trail runs cold.

"We think a big part of the operation--the virus-writing and the buying and selling of PC proxies--is kids," said Mikko Hypponen, antivirus research director at Finnish data security company F-Secure.

"We think crime groups are involved as well--but they seem to be using these kids as child labor."

Story Copyright © 2004 Reuters Limited. All rights reserved.

