Taking a break from conducting job interviews, the U.S. Department of Justice, along with the FBI, recently announced that an ongoing investigation has identified more than one million "botnet" crime victims. "Operation Bot Roast," as it is known, aims to eliminate "bot herders."
What are bots and why are there so many derivatives of such a seemingly inane word?
Initially used as a term to describe a variety of automated processes, "bot" (short for robot) has taken on a much more sinister meaning.
Simply put, a bot is technically similar to a computer virus, but actually much more malicious.
Good old-fashioned computer viruses are usually the work of pranksters whose main goal is to gain notoriety in the hacker community. Monetary gain is rarely part of the equation. Bots, on the other hand, are often used to steal personal data and sell that information to cyber lowlifes.
Unlike viruses, bots are centrally controlled. Once deployed, a bot will report stolen information back to the "mother ship," where the data is collected, synthesized, and then either put up for sale or used directly by the bot herder for criminal purposes.
Often times, the mother ship is a Web server that has itself been compromised by bots.
Industry reports indicate that a U.S. identity, including a credit card, bank account, Social Security number and date of birth can be purchased off the Web for as little as $20. Credit cards can be had for less than the cost of a gallon of gas. Unlike fuel, the price of a stolen credit card isn't expected to rise.
How do the bots get distributed?
Much like viruses, bots are distributed via e-mail. Increasingly however, we are seeing Web sites that are either intentionally designed for bot distribution or have been infiltrated by bot herders.
A recent study by Google indicated that as many as one in 10 Web sites are capable of activating bots and 16 percent were suspected to contain codes that might be a threat to computers.
ONE THING that bots and viruses have in common is that they can both be avoided by practicing safe computing.
By now, most folks know this drill:
- Beware of e-mails where you don't know the sender.
- Stay off of Web sites that aren't maintained by reputable organizations.
- Employ anti-virus and anti-spyware software, and use some sort of firewall. Even software-based personal firewalls are better than nothing.
This article is republished with permission from a column that previously appeared in The Honolulu Star Bulletin (www.starbulletin.com) on July 2, 2007.
