July 01, 2008

Botnet creator pleads guilty

Jason Michael Milmont, a significant malware developer, admitted guilt in federal court for fraudulently accessing protected computers. The announcement came from the U.S. District Court for the Central District of California.

The guilty plea will not, however, put an end to the innovation in crimeware he developed. His development came to be known as the Nugache worm – it uniquely wrapped the worm into a P2P protocol, which made detection and prevention difficult.

Sam Masiello, director of threat management at MX Logic, said in a blog posting that, “…this story is only significant because of Milmont's contribution to the botnet community with how his Nugache worm used peer-to-peer networking technology…to create a fully redundant, interconnected network to prevent his botnet from easily being shut down.”

A PC infected with Milmont's worm could be made to send spam to the user's contact lists asking recipients to visit fake web sites that prompted users to download files. The files were worms that when activated started the spam cycle all over again.

Masiello told SCMagazineUS.com on Tuesday that, "The Nugache botnet has been pretty well contained at his point. Even in its hayday, it wasn't big. The botnet ranged in the area of 5,000 to 15,000 actual bots, which pales in comparison to some of the other botnets today, like the Szirbi botnet – that's estimated to be more that 300,000."

According to the plea agreement, Milmont “…knowingly accessed without authorization a computer used in interstate commerce with the intent to defraud.” He faces up to five years in prison, and as part of the deal, must pay back $73,866.36.

Wesley L. Hsu, chief of the Cyber and Intellectual Property Crimes Section at the U.S. Attorney's Office in Los Angeles, told SCMagazineUS.com on Tuesday, "Law enforcement has been active and is trying to be more active in the cybercrime area. Botnets are an increasing problem, and you're seeing an increasing number of prosecutions nationwide. Hopefully it has some kind of deterrent value."

 
Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.