Maxwell has been sentenced to three years in jail.
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have welcomed
the sentencing to jail of a man who admitted infecting 50,000
computers at US military bases, schools, and a Seattle
hospital.
21-year-old Christopher Maxwell, from Vacaville, California, has
been found guilty of launching attacks in January 2005 and has
received a three year jail sentence as well as a quarter of a
million dollar fine.
Maxwell's attack struck hard at Northwest Hospital and Medical
Center in north Seattle. The attack is said to have shut down
computers in the facility's intensive care unit and prevented
doctors' pagers from working properly.
Maxwell also caused more than $135,000 worth of damage by
infecting Department of Defense computers, as well as those
belonging to the hospital, when he and two juveniles unleashed
malware designed to install adware on affected PCs. The three are
said to have been paid more than $100,000 through the resulting
advertising commission revenue.
Furthermore, the Colton school district in southern California
estimated that it cost up to $75,000 to repair its computers after
an attack.
"Hackers who create a zombie network, or botnet, are trying to
steal and spy on innocent people, and don't care about the
consequences. In this case military bases and a hospital network
were affected, with obvious possible consequences. The American
authorities have done well in bringing another offender to
justice," said Graham
Cluley, senior technology consultant for Sophos. "All types of
organization need to put in place proper defenses to ensure their
computers do not become part of a botnet. Every PC should be
properly defended by up-to-date anti-virus software, firewalls, and
the latest security patches."
Maxwell has been sentenced to three years in a federal prison
followed by three years supervised release by US District Judge
Marsha J. Pechman. In addition Maxwell has been ordered to pay
$250,000 in restitution.
"Other hackers should look long and hard at the punishment
Maxwell has received and ask themselves whether they really think
internet crime is a career they wish to continue pursuing,"
continued Cluley.
Maxwell's sentence is not the toughest handed out to a hacker
involved in creating botnets. In May, Jeanson James Ancheta
received a 57 month
jail sentence after seizing control of 400,000 PCs.
Zombie computers - are your PCs under someone else's
control?
Zombie computers can be used by criminal hackers to launch
distributed denial-of-service attacks, spread spam messages or to
steal confidential information.
As spammers become more aggressive, collaborating with virus
writers to create armies of zombie computers, legitimate
organizations with hijacked computers are being identified as a
source of spam. This not only harms the company's reputation, but
can also cause the business's email to be blocked by others.
Sophos ZombieAlertâ„¢
advises service subscribers when any computer on their network is
found to have sent spam to Sophos's extensive global network of
spam traps, and provides rapid notification to customers if their
Internet Protocol (IP) addresses are listed in public Domain Name
Server Block Lists (DNSBL). This information helps customers
locate, disinfect, and protect these systems from future
attacks.
Sophos recommends that computer users ensure their anti-virus
software is up-to-date, and that companies protect themselves with
a consolidated solution which can defend
them from the threats of spam, spyware and viruses.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.