Teenager confesses to being Nugache botnet mastermind

Sophos Press Release

Worm author confesses after FBI investigation

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have welcomed news that a teenager has confessed to controlling thousands of computers in an illegal botnet.

19-year-old Jason Michael Milmont, of Cheyenne, Wyoming, has admitted to being the programmer of the Nugache malware which infected Windows computers, turning them into a sophisticated botnet for illegal purposes such as identity theft.

Milmont operated the botnet between March and September 2007, having set up a bogus website which claimed to offer a free installation of the peer-to-peer filesharing program Limewire. However, the program was secretly infected by Milmont with the Nugache malware. He also took over infected computers to send AOL instant messages to victims' "buddies", directing them to websites hosting malware.

Milmont used stolen bank information to take over victims' accounts and order goods to be sent to vacant addresses in the Cheyenne, Wyoming area.

Nugache was one of the first botnets to be controlled via P2P technology, making it harder to identify and shut down the network's controller. On average, Milmont controlled between 5,000 and 15,000 compromised PCs at any one time.

"There was speculation that a Russian criminal mastermind must be behind the Nugache malware attack, so it may surprise some to see a teenager from Wyoming taking the rap for this cybercrime," said Graham Cluley, senior technology consultant for Sophos. "Regardless of who was responsible for the botnet, the fact remains that innocent people had their computers broken into, and money stolen from their accounts. The authorities should be applauded for bringing another cybercriminal to justice."

For his offences, Milmont can receive a maximum sentence of five years in jail and a fine of $250,000, but as he has entered into a plea agreement this is likely to be taken into account by the authorities when sentencing. Milmont has agreed to pay $73,866 in restitution.

Sophos experts report that this is just the latest in a string of arrests made by police around the world in their fight against organized cybercriminals. For instance, earlier this month Sophos reported on how it had worked with the international cybercrime-fighting authorities to bring an American botnet master to justice.

Sophos recommends all computer users protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.