18-year-old "King of the Botnets" pleads guilty in New Zealand

April 03, 2008 Sophos Press Release

Owen Thor Walker has pleaded guilty to using computers for illegal purposes. Image copyright (c) Sophos
Owen Thor Walker has pleaded guilty to using computers for illegal purposes.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis center, have reminded businesses and individuals of the importance of protecting their computers in the light of a teenager pleading guilty to cybercrime.

18-year-old New Zealander, Owen Thor Walker, pleaded guilty earlier this week to six charges between January 30, 2006 and November 28, 2007 relating to using computers for illegal purposes. Walker, who was arrested in November 2007, has been accused of playing a key role in a gang that infected 1.3 million computers around the world, installing revenue-generating adware and stealing information worth US $20 million.

Walker, who used online handles including "AKILL", "Snow Whyte" and "Snow Walker", is said to have personally made nearly NZ $40,000 (approximately US $31,000) from the malicious botnet. At the time of his arrest he was dubbed the "botnet king" by media around the world.

Judge Arthur Tompkins, who heard the court case in Thames, south of Auckland, said that a prison sentence was unlikely for Walker taking into account his youth and that he suffers from Asperger's syndrome. Instead it is understood the judge will consider home detention, community detention, community work and a fine for the teenager instead.

"Walker admitted in court that he knew what he was doing was illegal, but did not consider it to be criminal," said Graham Cluley, senior technology consultant for Sophos. "With more and more high profile arrests of hackers a clear message must be sent that their activities will not be tolerated. Clearly this man was just one cog in a larger criminal gang, some of whom have still not been brought to justice. Companies and home users need to put defenses in place now to ensure that they are not the next victims of an internet botnet gang."

The 18-year-old has been bailed to appear in court for sentencing on 28 May 2008.

In January Sophos published its annual Security Threat Report, which discussed how financially-motivated cybercriminals use zombie botnets in their pursuit of money.

Zombie computers - are your PCs under someone else's control?

Zombie computers can be used by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or to steal confidential information. SophosLabs estimates that more than 99 percent of all spam today originates from zombie computers.

As spammers become more aggressive, collaborating with virus writers to create armies of zombie computers, legitimate organizations with hijacked computers are being identified as a source of spam. This not only harms the organization's reputation, but can also cause the company's email to be blocked by others.

Sophos ZombieAlert™ advises service subscribers when any computer on their network is found to have sent spam to Sophos's extensive global network of spam traps, and provides rapid notification to customers if their Internet Protocol (IP) addresses are listed in public Domain Name Server Block Lists (DNSBL). This information helps customers locate, disinfect, and protect these systems from future attacks.