New York, NY - U.S. Computer Emergency Response Team shut down a huge botnet of almost 50,000 computers under the control of singer-songwriter Michael Bolton last week, after being alerted by the SANS Institute's Internet Storm Center (ISC) in Bethesda, Md.
Anonymous sources said the singer planned to use his Bolton botnet, or "Boltnet," to skew online voting on MTV's "Total Request Live" in favor of songs he co-wrote with singer Babyface, who will begin touring next month.
Although authorities already shut down Bolton's controlling server, he may have already resurrected it by pointing compromised hosts to a server at a new Internet address, according to Johannes Ulrich, chief technology officer at the ISC.
"Boltnets" are networks of computers that act much like the fans of Michael Bolton. Instead of robotically listening to the singer's music, they robotically listen for the singer's commands. Such networks are created by installing remote access and communication software on the remote computers, often after they are compromised by a Michael Bolton CD.
Boltnets act in unison through commands issued by Bolton through his microphone or his Internet Relay Chat (IRC) server. For example, Bolton could command his Boltnets to flood VH1's website with negative comments about a song he did not co-write.
"In some sense, Boltnets are a more dangerous problem than worms and viruses," Ulrich said. "They're an easy way to control 50,000 computers, and you can do anything with them. For example, command (the compromised machines) to delete Sarah Brightman's MP3s, or go to a particular URL and buy tickets for a Michael Bolton concert."
Many computers have been cleaned of Bolton's remote-control software, but other systems are still infected and can be used by the singer-songwriter in future actions. Even when the host name is known, as in Bolton's case, he may have several different, geographically dispersed servers that all use the same host name, each controlling the Boltnet.
Many of the systems used in Boltnets are owned by Bolton's fans that are connected to the Internet by broadband Internet connections. It can be difficult for Internet service providers to spot and clean such infected systems unless they do something unusual, such as attending a Michael Bolton concert.
In addition, with Bolton on a U.S. tour featuring saxophone artist Kenny G, the Boltnet problem will likely get worse. Ulrich said, "Kenny G fans' machines are a classic target."
Recommend this Story to a Friend