Invasion of the BOT e-Snatchers?
The theme behind Jack Finney's "The Body Snatchers" has been replicated in movie after movie since 1956. Each remake advances the same basic theme: aliens are taking over people one by one and it's almost impossible to tell who has been taken over and who hasn't.
With the arrest last month of John Kenneth Schiefer, 26, we learned that there are aliens taking over our PCs too. Schiefer, or "Acidstorm" to his friends, pleaded guilty to using the snatched identities of over 250,000 "zombie" PCs to conduct identity theft and fraud. Schiefer and accomplices used 'bot' software to compromise vulnerable machines and include them in his massive 'botnet'. He controlled the zombie machines using his own computers, computers at his office, and would instruct his bots to install adware on user PCs without their permission. Schiefer's scheme included stealing usernames and passwords, and illegally intercepting messages.
Altogether, he's looking at up to 60 years in prison for wire fraud and bank fraud. (Source: securityfocus.com)
Although Schiefer has been stopped, his case underlines how vulnerable PCs can be turned into nefarious zombies by bots. And then what do the zombies do?
- They can be used to distribute spam by utilizing thousands of zombie PCs to deliver unwanted and illegal messages;
- They can "sniff" message packets that go in and out of the zombie in order to detect sensitive user information or provide information for identity theft;
- They can record actual keyboard activity using "keylogging"; in this way they can capture passwords and user names by looking for key sequences whenever certain key sites are accessed (e.g. PayPal.com);
- They can add adware;
- They can spread more malware to other machines or accelerate virus proliferation across a network;
- They can abuse pay-per-click ads by artificial generating clicks on PPC ads;
- Similarly, zombie machines can forge online polls or surveys;
Of course, not all bots are bad. The major search engines use bots to scour the web looking for new sites and new content on existing sites. However, the bots on the dark side can be used in the same way to harvest email addresses, spread viruses and worms, and buy up all the good seats for concerts or sporting events the moment the tickets are available for sale.
In fact, armies of zombie PCs combined in botnets can also be used in political scenarios, or even war. In one hypothetical scenario, for example, a hostile country could paralyze a modern, information-based economy, by a sustained zombie attack aimed at overwhelming the servers of critical banks, clearing houses, trading organizations, retailers, and even military or government servers! (Source: wired.com)
Although apprehended, Schiefer has demonstrated that all of this truly possible. He's shown us that there is truly an "invasion" and that PCs are indeed being "snatched." And if this is true, can the realization of other fantasy scenarios be far behind? Maybe this would be a good idea to brush up on William Gibson's "Neuromancer" and maybe consider the notion that it being written in 1984 might not have been a coincidence...