- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
The teenage creator of a botnet who used a clever worm to infect PCs and then steal users' personal data has agreed to a plea deal with federal prosecutors in California.
Jason Michael Milmont, of Cheyenne, Wyoming, is expected to plead guilty to one count of accessing protected computers to conduct fraud.
In return, prosecutors with U.S. District Court for the Central District of California will only press for the "low end" of a potential five-year maximum sentence and $250,000 fine, according to court documents posted the Web site of Milmont's hometown newspaper.
Milmont's scheme is perhaps most notable for the use of a peer-to-peer protocol to control his botnet, a technique that makes tracing much more difficult for security analysts and law enforcement.
Milmont created what's known as the Nugache worm. He wrapped the worm into Limewire, a P2P file-sharing application, and duped victims into downloading the tampered program.
Once a PC was infected, the Nugache worm would then send spam to everyone on a person's AOL Instant Messenger contacts list. The spam included links to fake Web sites Milmont created mimicking MySpace or the Photobucket photo-sharing site. If a user went to the spoofed site, the user would be asked to download a file.
The file was the Nugache worm, which if downloaded and uncompressed, would then start spamming again. Prosecutors estimate that Milmont's botnet comprised 5,000 to 15,000 computers at a time. The botnet was also used to carry out denial-of-service attacks, including one against an online business in southern California.
But Milmont kept updating the malware. The third version had a keylogging function that was capable of collecting form data from Internet Explorer of the computers he controlled. He then perpetuated identity fraud, collecting credit-card numbers and ordering goods.
Milmont also bought phone numbers with Cheyenne area codes from Skype with pilfered credit-card numbers. Those numbers were used to order goods online, which went to a vacant residence in Cheyenne, federal prosecutors said.
As part of the plea deal, Milmont must pay $73,866.36 in restitution.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment