The two men have already spent several months in custody.
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis center, have reminded
computer users of the importance of internet security following the
sentencing of two men who comandeered tens of thousands of home PCs
for criminal ends.
Two Dutch hackers have been given jail sentences for infecting
millions of Windows PCs with malware, and stealing personal
information such as credit card details to purchase iPods, digital
cameras and games consoles.
The 20-year old leader of the hacking gang has been sentenced to
two years in prison and his 28-year old accomplice received an 18
month jail term. They have also been fined 9,000 and 4,000 Euros
respectively by the court in the Dutch town of Breda.
Prosecutors claimed that the men ran one of the largest networks
of infected computers ever uncovered, which included PCs around the
world. Such zombie networks, also known as botnets, are often used
to launch distributed denial of service attacks (DDOS) or to launch
spam campaigns.
The two men, who have not been identitifed, used the W32/Codbot worm (also
known as Toxbot) to take remote control of innocent users' PCs
between June and October 2005, with some versions of the malware
capturing keypresses, in an attempt to commit identity fraud by
stealing bank account information and credit card numbers.
Several other suspects in the case are still awaiting
sentencing.
"Botnets are an international problem - it is becoming
increasingly common for hackers to exploit thousands of computers
at once to launch denial-of-service attacks, send unwanted spam or
steal from the unwary," said Graham Cluley, senior
technology consultant for Sophos. "All types of organization need
to put in place proper defenses to ensure their computers do not
become part of a botnet. Every PC should be properly defended by
up-to-date anti-virus software, firewalls, and the latest security
patches."
In both cases the men have already served time in custody
equivalent to their sentences, and will not have to spend any more
time in jail.
"Some of the hackers' victims will be feeling understandably
angry that these men have not been given a stiffer sentence by the
Dutch authorities," continued Cluley. "Innocent people have had
their computers hijacked and seem unlikely to be compensated for
the damage that has been done."
Zombie computers - are your PCs under someone else's
control?
Zombie computers can be used by criminal hackers to launch
distributed denial-of-service attacks, spread spam messages or to
steal confidential information.
As spammers become more aggressive, collaborating with virus
writers to create armies of zombie computers, legitimate
organizations with hijacked computers are being identified as a
source of spam. This not only harms the company's reputation, but
can also cause the business's email to be blocked by others.
Sophos ZombieAlertâ„¢
advises service subscribers when any computer on their network is
found to have sent spam to Sophos's extensive global network of
spam traps, and provides rapid notification to customers if their
Internet Protocol (IP) addresses are listed in public Domain Name
Server Block Lists (DNSBL). This information helps customers
locate, disinfect, and protect these systems from future
attacks.
Sophos recommends that computer users ensure their anti-virus
software is up-to-date, and that companies protect themselves with
a consolidated solution which can defend
them from the threats of spam, spyware and viruses.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.