Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have welcomed
news that a teenager has confessed to controlling thousands of
computers in an illegal botnet.
19-year-old Jason Michael Milmont, of Cheyenne, Wyoming, has
admitted to being the programmer of the Nugache malware which
infected Windows computers, turning them into a sophisticated
botnet for illegal purposes such as identity theft.
Milmont operated the botnet between March and September 2007,
having set up a bogus website which claimed to offer a free
installation of the peer-to-peer filesharing program Limewire.
However, the program was secretly infected by Milmont with the
Nugache malware. He also took over infected computers to send AOL
instant messages to victims' "buddies", directing them to websites
hosting malware.
Milmont used stolen bank information to take over victims'
accounts, and order goods to be sent to vacant addresses in the
Cheyenne, Wyoming area.
Nugache was one of the first botnets to be controlled via P2P
technology, making it harder to identify and shutdown the network's
controller. On average, Milmont controlled between 5,000 and 15,000
compromised PCs at any one time.
"There was speculation that a Russian criminal mastermind must
be behind the Nugache malware attack, so it may surprise some to
see a teenager from Wyoming taking the rap for this cybercrime,"
said Graham
Cluley, senior technology consultant for Sophos. "Regardless of
who was responsible for the botnet, the fact remains that innocent
people had their computers broken into, and money stolen from their
accounts. The authorities should be applauded for bringing another
cybercriminal to justice."
For his offences, Milmont can receive a maximum sentence of five
years in jail and a fine of $250,000, but as he has entered into a
plea agreement this is likely to be taken into account by the
authorities when sentencing. Milmont has agreed to pay $73,866 in
restitution.
Sophos experts report that this is just the latest in a string
of arrests made by police around the world in their fight against
organized cybercriminals. For instance, earlier this month Sophos
reported on how it had worked with the international
cybercrime-fighting authorities to bring
an American botnet master to justice.
Sophos recommends all computer users protect themselves with a
consolidated solution which can control network access
and defend against the threats of spam, hackers, spyware and
viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.