|Zombie computers under the remote control of a
hacker can send spam or plant unwanted software.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis center, have welcomed
the news that the FBI has arrested a 20-year-old man suspected of
running a zombie network.
US Attorney spokesman Thom Mrozek said the prosecution was
unusual because Jeanson James Ancheta, who lives in the Los Angeles
suburb of Downey, was accused of profiting from his attacks by
installing adware on a network of innocent third-party compromised
computers. According to prosecutors, some of the computers attacked
were at the Weapons Division of the US Naval Air Warfare Center in
China Lake, California and at the US Department of Defense.
Ancheta is said to have made have made nearly $60,000 from
installing adware on the zombie computers, using the profits to pay
for computer servers to carry out additional attacks and a luxury
BMW car. As a side business Ancheta is also alleged to have sold
access to the zombie network to spammers, who used the third party
computers to launch spam campaigns.
Ancheta was arrested after being lured to the FBI's offices in
Los Angeles to pick up computer equipment seized in an earlier
raid. He has been charged with conspiracy, attempted transmission
of code to a protected computer, transmission of code to a
government computer, accessing a protected computer to commit fraud
and money laundering. If convicted of all counts, Ancheta could
face a maximum term of 50 years in prison.
"Zombie botnets are a growing security problem as they pump out
spam campaigns, steal information, or launch attacks against
corporate networks," said Graham Cluley, senior
technology consultant for Sophos. "In this case it appears they
were being primarily used for displaying unwanted pop-up
advertisements, filling the pockets of the hacker with cash."
Zombie computers - are your PCs under someone else's
Zombie computers can be used by criminal hackers to launch
distributed denial-of-service attacks, spread spam messages or to
steal confidential information. SophosLabs estimates that more than
60 percent of all spam today originates from zombie computers. In
May, the Sober-Q Trojan horse and Sober-N worm worked in tandem to infect
and hijack computers around the world, programming them to spew out
German nationalistic spam during an election.
As spammers become more aggressive, collaborating with virus
writers to create armies of zombie computers, legitimate
organizations with hijacked computers are being identified as a
source of spam. This not only harms the organization's reputation,
but can also cause the company's email to be blocked by others.
advises service subscribers when any computer on their network is
found to have sent spam to Sophos's extensive global network of
spam traps, and provides rapid notification to customers if their
Internet Protocol (IP) addresses are listed in public Domain Name
Server Block Lists (DNSBL). This information helps customers
locate, disinfect, and protect these systems from future
Sophos continues to recommend that computer users ensure their
anti-virus software is up-to-date, and that companies protect
themselves with a consolidated solution
which can defend them from the threats of both spam and