The FBI is notifying more than a million US computer users whose PCs have been hijacked by criminals.
These PCs are known as zombies and are used by criminals to form what are called botnets.
The networked computers are then used to launch various online criminal activities, such as spam, phishing attacks, identity theft, distributed denial of service attacks, and to hide images of child abuse.
Notifying the people whose PCs are being used this way is part of an ongoing initiative called Operation Bot Roast.
This is an ongoing project that the FBI has been running with industry partners. These include Microsoft, The Botnet Task Force, a low-profile organisation initiated by Microsoft in 2004, that acts as a means of building awareness and providing training for law enforcement and the CERT Coordination Center at Carnegie Mellon University in order to break up these botnets.
The FBI said because of the widely distributed abilities of botnets they do not only harm individuals but are now considered a threat to national security, information infrastructure and the economy.
By informing people that their PCs have been hijacked the FBI not only hopes to disrupt and dismantle many botnets but also find out what other criminal activities these computers are being used for.
The identification of over a million infected PCs is a significant milestone in Operation Bot Roast, which has already nabbed some major names alleged to have committed cyber crimes. These include spammer Robert Alan Soloway of Seattle, Washington.
He is alleged to have used a large botnet network to send tens of millions of unsolicited email messages to advertise his website from which he offered services and products.
Also caught in the net have been James C. Brewer of Arlington, Texas and Jason Michael Downey of Covington, Kentucky.
Brewer is alleged to have operated a botnet that infected Chicago area hospitals. This botnet also infected tens of thousands of computers worldwide. Downey is charged with using botnets to send a high volume of traffic to intended recipients to cause damage by impairing the availability of such systems.
The difficulty for law enforcement agencies, however, is most owners of hijacked PCs are unwitting and unknowing victims. They have no idea their computer has been compromised. They have unintentionally allowed criminals unauthorised access by downloading malware such as Trojan Horses.
This malware can be downloaded to an unsecure PC in many ways if a person does not have adequate security or visits unsafe websites. Google researchers recently warned recently that one in 10 web pages is hiding embedded malware.
The company's Ghost in the Browser study which looked at over 4.5 million web pages found that 10 per cent were capable of activating malicious codes and 16 per cent were suspected to contain codes that might be a threat to computers
This malware opens a back door to their computers that allows hackers known as botherders to control the PC and link it to other compromised computers to form the dangerous botnets.
“The majority of victims are not even aware that their computer has been compromised or their personal information exploited,” said FBI assistant director for the Cyber Division James Finch.
“An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally.
"Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised.”
