Wednesday, August 31, 2005

More Arrests in Zotob Case

eWeek is reporting that 16 more fraudsters have been arrested in Turkey as a result of the recent Zotob case. Allegedly, these 16 individuals are tied to a credit card and identity theft ring. More information is forthcoming, but these individuals are said to run botnets.

Botnets are frequently used to steal information and spread spam. There are reports that the owners of these networks rent them out to organized crime. Organized gangs use botnets to install spyware or a Trojan horse to gather financial or personal information, which is then used in fraud schemes. This is normally done through the use of keyloggers. Keyloggers log keystrokes and place them in a file, normally encrypted, that can be extracted remotely.

Please note that so-called legitimate marketing firms use spyware (normally downloaded from freeware or peer-to-peer programs) that gathers information on people. A lot of this technology is legal and can easily be purchased over the internet, often being touted for purposes such as spying on your employees or spouse.

According to Wikipedia, "Botnet" is a jargon term for a collection of software robots, or bots, which run autonomously. A botnet's originator can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes.

A botnet can comprise a collection of cracked machines running programs (usually referred to as worms, Trojan horses, or backdoors) under a common command and control infrastructure. Individual programs manifest as IRC "bots". Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden, and complies with the RFC 1459 standard. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet owner community.
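As an added illustration (not part of the original post or the Wikipedia text), the sketch below shows how a defender might spot the IRC command-and-control pattern described above: it parses RFC 1459 client messages seen in outbound traffic and flags any server/channel pair joined by several internal hosts. The capture tuples, addresses, channel names and the `min_hosts` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (internal host, remote server, raw client-to-server line).
# All addresses, nicknames and channel names are made up for illustration.
SAMPLE_CAPTURE = [
    ("10.0.0.11", "203.0.113.5:6667", "NICK xk-48213\r\n"),
    ("10.0.0.11", "203.0.113.5:6667", "USER xk 0 * :xk\r\n"),
    ("10.0.0.11", "203.0.113.5:6667", "JOIN #updates s3cret\r\n"),
    ("10.0.0.12", "203.0.113.5:6667", "join #Updates s3cret\r\n"),
    ("10.0.0.13", "203.0.113.5:6667", "JOIN #updates,#misc s3cret\r\n"),
    ("10.0.0.20", "198.51.100.7:6667", "JOIN #python\r\n"),
    ("10.0.0.21", "198.51.100.9:80", "GET / HTTP/1.1\r\n"),
    ("10.0.0.21", "198.51.100.9:80", "\r\n"),
]


def parse_irc_line(raw):
    """Split one RFC 1459 message into (prefix, COMMAND, params), or None."""
    line = raw.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):                      # optional ":prefix "
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")    # " :" starts the trailing param
    parts = head.split()
    if not parts:
        return None
    params = parts[1:] + ([trailing] if sep else [])
    return prefix, parts[0].upper(), params


def shared_channels(capture, min_hosts=3):
    """Return {(server, channel): [hosts]} for channels joined by many hosts.

    min_hosts is an assumed threshold; tune it to the monitored network.
    """
    joined = defaultdict(set)
    for host, server, raw in capture:
        msg = parse_irc_line(raw)
        if msg is None:
            continue
        _, command, params = msg
        if command == "JOIN" and params:
            for channel in params[0].split(","):  # JOIN accepts a channel list
                joined[(server, channel.lower())].add(host)
    return {k: sorted(v) for k, v in joined.items() if len(v) >= min_hosts}


if __name__ == "__main__":
    for (server, channel), hosts in shared_channels(SAMPLE_CAPTURE).items():
        print(f"{server} {channel}: {len(hosts)} internal hosts {hosts}")
```

A single user chatting on a public channel stays below the threshold; several workstations joining the same channel on the same server is the pattern worth investigating.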

Microsoft's Internet Security Team is being given credit for developing much of the intelligence that the FBI and international authorities used to resolve these cases.

For more information on the original arrests of Farid Essebar from Morocco and Attilla Ecici from Turkey, go to:

For the original article from eWeek, click on the title of this post.

1 comment:

Anonymous said...

Yeah, I read that the U.K. is one of the largest bot-infected areas, with London being the city with the largest bot percentage in the world. A number of arrests for Zotob have been made in this area.