Botnets can be used to send spam e-mail or spread more malware, but they can also be used to conduct so-called denial-of-service attacks against websites. At the moment, Mr. Raff said, the ICA appeared to be selling access to the computers it had infected to other cybercrime gangs, who were loading their own malware onto them, effectively recruiting them to multiple other botnets, or equipping them to steal banking passwords or other personal data from their owners.

“They have moved into commercial cybercrime,” Mr. Raff said of the ICA. “But we suspect that they will also use [their botnet] in the future for hacktivist attacks,” perhaps in the service of Tehran.

Russian nationalist hacktivists were blamed for providing the foot soldiers for the cyberwar attacks on Estonia in April and May 2007. Those hackers used botnets to cripple Estonian government and banking websites.

Mr. Raff said the ICA attack had been reported to law enforcement in several countries and was under investigation but declined to comment further.

Over the summer, security researchers assessed that a computer worm called Stuxnet, which attacked special industrial-control systems, had been aimed at sabotaging an Iranian nuclear plant. Given the timing of the ICA attack, Mr. Raff said, “on the heels of the recent Stuxnet worm — it appears reasonable to assume that the Iranian Cyber Army group has decided to move from simple defacement warnings to actual cybercrime activities.”