Botnet boss brought to book - could face up to 20 years in jail

March 14, 2008 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have welcomed the news that a man has pleaded guilty in Florida to charges in connection with hacking into corporate computers, making over a hundred thousand dollars by using them to display cash-generating adverts.

Robert Matthew Bentley, of Panama City, Florida, admitted to his botnet activities, which took place from October 2005 to November 2006. Media reports claim that 21-year-old Bentley, who sometimes used the online handle "LSDigital", was part of a gang that used malware to break into innocent PCs across Europe.

According to court documents, the malware generated so much server traffic that normal network operations came to a standstill for one corporate victim, Newell Rubbermaid.

"Computer crime fighting authorities in the UK and America worked closely together to piece together the evidence in this case, and have successfully brought another botherder to book," said Graham Cluley, senior technology consultant for Sophos. "According to papers filed in the court, Newell Rubbermaid has so far sustained damage of at least $150,000 countering Bentley's attacks. In their greed for cash, criminal hackers have no qualms about blindly infecting computers around the world to generate them loot."

Robert Bentley faces up to 20 years in prison, and a possible fine of $500,000. His sentencing hearing is scheduled for 28 May 2008. There is speculation, however, that the authorities may exercise leniency in Bentley's sentencing if he assists them in uncovering others involved in the botnet underworld.

Earlier this year, Sophos published its annual Security Threat Report, which discussed how financially-motivated cybercriminals use zombie botnets in their pursuit of money.

Zombie computers - are your PCs under someone else's control?

Zombie computers can be used by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or to steal confidential information. SophosLabs estimates that more than 99 percent of all spam today originates from zombie computers.

As spammers become more aggressive, collaborating with virus writers to create armies of zombie computers, legitimate organizations with hijacked computers are being identified as a source of spam. This not only harms the organization's reputation, but can also cause the company's email to be blocked by others.

Sophos ZombieAlert™ advises service subscribers when any computer on their network is found to have sent spam to Sophos's extensive global network of spam traps, and provides rapid notification to customers if their Internet Protocol (IP) addresses are listed in public Domain Name Server Block Lists (DNSBL). This information helps customers locate, disinfect, and protect these systems from future attacks.