
Botnet Armies on the March


The age of cyber-warfare has arrived.

On Thursday, the FBI said it had uncovered a million compromised computers and had secured two convictions and three new indictments in the second phase of its Bot Roast investigation first disclosed in June. The No. 2 forecast in a new report on 2008 security trends by anti-virus company McAfee holds that the success of the “Storm Worm,” also known as Nuwar, in amassing the “largest-ever” botnet army through a peer-to-peer network will spawn imitators. In May, a botnet army—believed to originate in Russia—mounted a denial-of-service attack against Estonia that overwhelmed that country’s computer infrastructure.

As bot armies—once the stuff of science fiction novels such as William Gibson’s “Neuromancer”—proliferate, startups with new approaches to defense have begun to appear. One of the bot battlers, FireEye, backed by Sequoia Capital, Norwest Venture Partners, and Jafco, insisted that the FBI’s investigation merely scratched the surface. In a statement, FireEye estimated there are 150 million bot-infected computers worldwide.

Steve Linowes, chief executive of Damballa, a botnet defender spun out of Georgia Tech and backed by Sigma Partners and Noro-Moseley Partners, said botnet armies are not mere inconveniences that hog bandwidth. Rather, the “botmasters” use them to spread spam, to steal passwords and data used in identity theft, and to extort money from businesses threatened with denial-of-service attacks.

Mr. Linowes said a criminal “ecosystem” has formed to create bot armies.

“These bot armies come into being,” he said. “People will rent and sell these armies to people who want to perpetrate fraud.”

In the FBI cases, federal grand juries charged: Robert Matthew Bentley of Panama City, Florida, with using botnets to spread adware; Gregory King of Fairfield, California, with conducting denial-of-service attacks against several companies; and Ryan Brett Goldstein of Ambler, Pennsylvania, with using botnets to attack the University of Pennsylvania computer system.

Five others were convicted in connection with schemes involving phishing, bogus electronic fund transfers, spam, and password theft.

Mr. Linowes said Damballa, named after a Voodoo serpent god, monitors “the Internet fabric” and stakes out the spots where the botmasters rally their armies.

Botmasters create their bot armies by inserting malware into the computers of unsuspecting users. Those computers then become “zombies” that do the bidding of the bot army.

The stealthy nature of bots means they can slip undetected into computers, including those with anti-virus and anti-spam protection, Mr. Linowes said.

“Forty-three percent of bot malware evades traditional anti-virus products,” he said. “For this emerging category of threats, you need to put an additional layer on top of what you have.”