|Garrido exploited zombie computers to launch a
denial of service attack.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have welcomed
the news that a hacker who stopped over a third of Spanish computer
users from using the internet has been sentenced to two years in
26-year-old Santiago Garrido used a computer worm to launch
distributed denial-of-service (DDoS) attacks after he was expelled
from the popular "Hispano" IRC chat room for not following rules.
The attacks disrupted an estimated three million users of the
Wanadoo, ONO, Lleida Net and other internet service providers,
amounting to a third of all of Spain's internet users at the time
of the offence in 2003.
Garrido, who went by the aliases "Ronnie" and "Mike25", was
sentenced at a court in La Coruña and also faces a bill of 1.3
million Euros in damages (474,500 Euros to Lleida Net, 570,716
Euros to Wanadoo, 120,000 Euros to ONO, and 218,000 Euros to
"Many times hackers use DDoS techniques to try and blackmail the
website being attacked. On this occasion, it seems the hacker was
so furious about being thrown out of a chat room that he resorted
to a criminal act to wreak his revenge, and affected millions of
internet users," said Graham Cluley, senior
technology consultant for Sophos. "Hackers engaged in these kind of
activities are guilty of a serious crime, and should be punished
accordingly. The Spanish Civil Guard should be congratulated for
seeing this case through to its conclusion."
Zombie computers - are your PCs under someone else's
Zombie computers can be used by criminal hackers to launch
distributed denial-of-service attacks, spread spam messages or to
steal confidential information. SophosLabs estimates that more than
60 percent of all spam today originates from zombie computers. In
May 2005, the Sober-Q Trojan horse and Sober-N worm worked in tandem to infect
and hijack computers around the world, programming them to spew out
German nationalistic spam during an election.
As spammers become more aggressive, collaborating with virus
writers to create armies of zombie computers, legitimate
organizations with hijacked computers are being identified as a
source of spam. This not only harms the organization's reputation,
but can also cause the company's email to be blocked by others.
advises service subscribers when any computer on their network is
found to have sent spam to Sophos's extensive global network of
spam traps, and provides rapid notification to customers if their
Internet Protocol (IP) addresses are listed in public Domain Name
Server Block Lists (DNSBL). This information helps customers
locate, disinfect, and protect these systems from future
Sophos continues to recommend that computer users ensure their
anti-virus software is up-to-date, and that companies protect
themselves with a consolidated solution
which can defend them from the threats of both spam and