Protect Yourself: 40.000 Bots For Hire!!

Published: Tuesday, January 31, 2006 Online-Casinos.com

PROTECT YOURSELF: 40.000 INTERNET BOTS FOR HIRE

Internet hacker built a lifestyle from mercenary deals

Last week Online-Casinos.com & InfoPowa carried the story of an American 20-something hacker who managed to access US Defence computers. The hacking activities of Jeanson James Ancheta have captured more newspaper headlines this week as details of his moves become public.

The Downey, California, resident worked in an Internet cafe and hoped to join the military reserves. Given his modest aspirations, Ancheta lived an upbeat lifestyle, driving a BMW and spending upward of $600 a week on new clothes and car parts.

Last week in a Los Angeles federal court, Ancheta pleaded guilty to four felony charges of violating United States Code Section 1030, Fraud and Related Activity in Connection with Computers.

According to the multiple-count indictment, Ancheta authored a worm that allowed him to infect as many computers on the Internet as he could with off-the-shelf remote access Trojans (RATs). These include common home computers without firewall and antivirus protection.

Ancheta's worm-compromised computers installed a custom version of rxbot, a commonly available Trojan horse, customised to listen to an IRC channel in Ancheta's control. Over time, he amassed about 40,000 worm-infected remote access computers or bots.

Incredibly, some of the bots included computers at the Defense Information Systems Agency (DISA) in Falls Church and at China Lake Naval Air Facility in California. The DISA offers network-based solutions for the President, the Vice President, and the Secretary of Defense.

Shortly after acquiring his first 1,000 bots, Ancheta went into business. To control his growing army, Ancheta rented a hosted server where he installed IRC and hosted a Web site. The Web site advertised rental prices and advice to other cybercriminals. On it, he suggested how many of his bots one would need to take down companies of various sizes. The indictment lists a few exchanges with individuals who took Ancheta up on his offer, individuals who went on to create denial-of-service (DoS) attacks against US companies. Soon Ancheta had as many as 40 000 bots at his disposal.

Ancheta also entered the murky world of Adware - parasitic programs installed on computers (often without notification) Online vendors, such as gambling, marketing affiliate or pornography sites often sign up affiliate Web sites that download the programs to anyone visiting.

He became involved in adware companies currently facing complaints for unfair business practices, and began to direct all the remote-controlled zombie computers to hit their affiliate servers, which then automatically downloaded and installed adware on his compromised botnet computers and in turn netted a sum of money, via PayPal, for Ancheta.

Overall, Ancheta is said to have made about $60,000 over a six-month period.

This criminal activity was not the result of a mafia crime syndicate, but the work of one young adult employed at an Internet cafe. Industry observers speculate that quite apart from Eastern European invasions there are probably hundreds like him, operating as yet unexposed botnets.

It underlines the very real threats to business and personal computing equipment that these hackers can constitute.

Minimum protection recommended by the experts is a two-way firewall (one way blocks malicious incoming traffic, and the other protects against adware that attempts to broadcast personal data to third parties). The best solution is probably to install an Internet security suite.