Press Releases

Browse our press release archive

05 May 2006

Hospital zombie attacker pleads guilty to disrupting computer systems

Military and hospital computers were affected by the malware attack

The hospital's computer network was disrupted by the botnet infection.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reminded organizations of the threat posed by malware designed to create zombie networks as a hacker admitted infecting 50,000 computers.

20-year-old Christopher Maxwell, from Vacaville, California, has pleaded guilty to charges that he launched an attack in January 2005 which struck hard at Northwest Hospital and Medical Center in north Seattle. The attack is said to have shut down computers in the facility's intensive care unit and prevented doctors' pagers from working properly.

Maxwell caused more than $135,000 worth of damage by infecting Department of Defense computers, as well as those belonging to the hospital, when he and two juveniles unleashed malware designed to install adware on affected PCs. The three are said to have been paid more than $100,000 through the resulting advertising commission revenue.

"Creating a zombie network, or botnet, isn't a harmless game. In this case a hospital network was affected, and patients' welfare could have been put at risk through the stupidity of the hackers. The American authorities should be congratulated for bringing another offender to justice," said Graham Cluley, senior technology consultant for Sophos. "All organizations need to put in place proper protection to ensure their computers are not part of a botnet. Every PC should be properly defended by up-to-date anti-virus software, firewalls, and the latest security patches."

Investigators discovered that Maxwell's botnet had also damaged hit US military computer systems at the Headquarters 5th Signal Command in Manheim, Germany, and at the Directorate of Information Management in Fort Carson, Colorado.

Maxwell, who pleaded guilty to committing computer fraud and intentionally damaging a protected computer, could face a prison sentence and a fine of more than $250,000, according to the office of the US Attorney. Sentencing is scheduled for 4 August 2006.

Zombie computers - are your PCs under someone else's control?

Zombie computers can be used by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or to steal confidential information.

As spammers become more aggressive, collaborating with virus writers to create armies of zombie computers, legitimate organizations with hijacked computers are being identified as a source of spam. This not only harms the company's reputation, but can also cause the business's email to be blocked by others.

Sophos ZombieAlert™ advises service subscribers when any computer on their network is found to have sent spam to Sophos's extensive global network of spam traps, and provides rapid notification to customers if their Internet Protocol (IP) addresses are listed in public Domain Name Server Block Lists (DNSBL). This information helps customers locate, disinfect, and protect these systems from future attacks.

Sophos recommends that computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of spam, spyware and viruses.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at