Ancheta exploited zombie computers to send spam
and plant unwanted software.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have welcomed
the news that a 20-year-old man has pleaded guilty to seizing
control of hundreds of thousands of zombie computers, using them to
display cash-generating adverts, and renting them out to hackers to
send spam campaigns and launch denial of service attacks.
Jeanson James Ancheta, from the Los Angeles suburb of Downey,
profited by installing adware on a network of innocent third-party
compromised computers. According to prosecutors, some of the
computers attacked were at the Weapons Division of the US Naval Air
Warfare Center in China Lake, California and at the US Department
of Defense.
Ancheta made over $61,000 from installing adware on the zombie
computers, using the profits to pay for computer servers to carry
out additional attacks, new clothes, and a luxury BMW car. As a
side business Ancheta also sold access to the zombie network to
spammers, who used the third-party computers to launch spam
campaigns and distributed denial of service (DDoS) attacks.
"There are a number of ways in which zombie botnets can generate
healthy profits for hackers: they can install advertising pop-ups
which generate income through affiliate schemes, rent out the
network for hackers who wish to blackmail websites with DDoS
attacks, or use them to steal information or pump out spam
campaigns," said Graham Cluley, senior
technology consultant for Sophos. "Hackers engaged in these kinds of
activities are guilty of a serious crime, and should be punished
accordingly."
Ancheta is likely to face up to 6 years in prison for his
crimes, and will forfeit the profits he made from his life of
crime, including his luxury car. Sentencing is expected in May
2006.
Zombie computers - are your PCs under someone else's
control?
Zombie computers can be used by criminal hackers to launch
distributed denial-of-service attacks, spread spam messages or
steal confidential information. SophosLabs estimates that more than
60 percent of all spam today originates from zombie computers. In
May 2005, the Sober-Q Trojan horse and Sober-N worm worked in tandem to infect
and hijack computers around the world, programming them to spew out
German nationalistic spam during an election.
As spammers become more aggressive, collaborating with virus
writers to create armies of zombie computers, legitimate
organizations with hijacked computers are being identified as a
source of spam. This not only harms the organization's reputation,
but can also cause the company's email to be blocked by others.
Sophos ZombieAlert™
advises service subscribers when any computer on their network is
found to have sent spam to Sophos's extensive global network of
spam traps, and provides rapid notification to customers if their
Internet Protocol (IP) addresses are listed in public Domain Name
Server Block Lists (DNSBL). This information helps customers
locate, disinfect, and protect these systems from future
attacks.
Sophos continues to recommend that computer users ensure their
anti-virus software is up-to-date, and that companies protect
themselves with a consolidated solution
which can defend them from the threats of both spam and
viruses.