With help from industry partners, the US Department of Justice and the FBI have released a statement that they have identified over one million computers who have become part of a botnet. The FBI and the Justice Department aren"t just interested in finding and informing victims, however: they are actively working to locate and dismantle the operators of the botnets, known as "botherders." To date, the task force has nabbed James C. Brewer of Arlington Texas, Jason Michael Downey of Covington, Kentucky, and Robert Alan Soloway of Seattle Washington, charging all three of them with using botnets to send spam and disrupt other computers with DDos attacks.
In January, TCP/IP pioneer Vint Cerf estimated that one-quarter of all computers could be part of a botnet. This number is much higher than the FBI"s one million out of an estimated 600 million computers connected to the Internet. Most of these computers are running older versions of Windows (older than XP SP2) but there are also botnetted machines running Linux and OS X, primarily servers running third-party server software such as PHP that has not been fully patched for security vulnerabilities. As new versions of Windows harden themselves against OS-level attacks, expect to see more attacks on third-party software, particularly as users are fairly lax at keeping it patched.