01 Feb 2007

Botnet gang who stole identities sentenced in The Netherlands

Hackers turned infected PCs into commandeered zombies

Behind bars
The two men have already spent several months in custody.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reminded computer users of the importance of internet security following the sentencing of two men who commandeered tens of thousands of home PCs for criminal ends.

Two Dutch hackers have been given jail sentences for infecting millions of Windows PCs with malware, and stealing personal information such as credit card details to purchase iPods, digital cameras and games consoles.

The 20-year-old leader of the hacking gang has been sentenced to two years in prison and his 28-year-old accomplice received an 18-month jail term. They have also been fined 9,000 and 4,000 Euros respectively by the court in the Dutch town of Breda.

Prosecutors claimed that the men ran one of the largest networks of infected computers ever uncovered, which included PCs around the world. Such zombie networks, also known as botnets, are often used to launch distributed denial-of-service (DDoS) attacks or spam campaigns.

The two men, who have not been identified, used the W32/Codbot worm (also known as Toxbot) to take remote control of innocent users' PCs between June and October 2005, with some versions of the malware capturing keypresses, in an attempt to commit identity fraud by stealing bank account information and credit card numbers.

Several other suspects in the case are still awaiting sentencing.

"Botnets are an international problem - it is becoming increasingly common for hackers to exploit thousands of computers at once to launch denial-of-service attacks, send unwanted spam or steal from the unwary," said Graham Cluley, senior technology consultant for Sophos. "All types of organization need to put in place proper defenses to ensure their computers do not become part of a botnet. Every PC should be properly defended by up-to-date anti-virus software, firewalls, and the latest security patches."

In both cases the men have already served time in custody equivalent to their sentences, and will not have to spend any more time in jail.

"Some of the hackers' victims will be feeling understandably angry that these men have not been given a stiffer sentence by the Dutch authorities," continued Cluley. "Innocent people have had their computers hijacked and seem unlikely to be compensated for the damage that has been done."

Zombie computers - are your PCs under someone else's control?

Zombie computers can be used by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or to steal confidential information.

As spammers become more aggressive, collaborating with virus writers to create armies of zombie computers, legitimate organizations with hijacked computers are being identified as a source of spam. This not only harms the company's reputation, but can also cause the business's email to be blocked by others.

Sophos ZombieAlert™ advises service subscribers when any computer on their network is found to have sent spam to Sophos's extensive global network of spam traps, and provides rapid notification to customers if their Internet Protocol (IP) addresses are listed in public Domain Name Server Block Lists (DNSBL). This information helps customers locate, disinfect, and protect these systems from future attacks.

Sophos recommends that computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of spam, spyware and viruses.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.