29 August 2006
Three year jail sentence for zombie king who infected US military computers
Gang received more than $100,000 by planting adware on infected PCs

Maxwell has been sentenced to three years in jail.
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have welcomed the sentencing to jail of a man who admitted infecting 50,000 computers at US military bases, schools, and a Seattle hospital.
21-year-old Christopher Maxwell, from Vacaville, California, has been found guilty of launching attacks in January 2005 and has received a three-year jail sentence as well as a quarter-of-a-million-dollar fine.
Maxwell's attack struck hard at Northwest Hospital and Medical Center in north Seattle. The attack is said to have shut down computers in the facility's intensive care unit and prevented doctors' pagers from working properly.
Maxwell also caused more than $135,000 worth of damage by infecting Department of Defense computers, as well as those belonging to the hospital, when he and two juveniles unleashed malware designed to install adware on affected PCs. The three are said to have been paid more than $100,000 through the resulting advertising commission revenue.
Furthermore, the Colton school district in southern California estimated that it cost up to $75,000 to repair its computers after an attack.
"Hackers who create a zombie network, or botnet, are trying to steal and spy on innocent people, and don't care about the consequences. In this case military bases and a hospital network were affected, with obvious possible consequences. The American authorities have done well in bringing another offender to justice," said Graham Cluley, senior technology consultant for Sophos. "All types of organization need to put in place proper defenses to ensure their computers do not become part of a botnet. Every PC should be properly defended by up-to-date anti-virus software, firewalls, and the latest security patches."
Maxwell has been sentenced to three years in a federal prison, followed by three years' supervised release, by US District Judge Marsha J. Pechman. In addition, Maxwell has been ordered to pay $250,000 in restitution.
"Other hackers should look long and hard at the punishment Maxwell has received and ask themselves whether they really think internet crime is a career they wish to continue pursuing," continued Cluley.
Maxwell's sentence is not the toughest handed out to a hacker involved in creating botnets. In May, Jeanson James Ancheta received a 57-month jail sentence after seizing control of 400,000 PCs.
Zombie computers - are your PCs under someone else's control?
Zombie computers can be used by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or steal confidential information.
As spammers become more aggressive, collaborating with virus writers to create armies of zombie computers, legitimate organizations with hijacked computers are being identified as a source of spam. This not only harms the company's reputation, but can also cause the business's email to be blocked by others.
Sophos ZombieAlert™ advises service subscribers when any computer on their network is found to have sent spam to Sophos's extensive global network of spam traps, and provides rapid notification to customers if their Internet Protocol (IP) addresses are listed in public Domain Name Server Block Lists (DNSBL). This information helps customers locate, disinfect, and protect these systems from future attacks.
Sophos recommends that computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of spam, spyware and viruses.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

