Monday, February 6, 2006

Zombie King goes to jail

A 20-year-old hacker, Jeanson James Ancheta, ran a "Zombie Network" or "BotNet" for profit. He was caught by Feds and is going to jail. AP reported:

A 20-year-old hacker admitted Monday to surreptitiously seizing control of hundreds of thousands of Internet-connected computers, using the zombie network to serve pop-up ads and renting it to people who mounted attacks on Web sites and sent out spam.

Jeanson James Ancheta, of Downey, Calif., pleaded guilty in Los Angeles federal court to four felony charges for crimes, including infecting machines at two U.S. military sites, that earned him more than $61,000, said federal prosecutor James Aquilina.

Under a plea agreement, which still must be approved by a judge, Ancheta faces up to 6 years in prison and must pay the federal government restitution. He also will forfeit his profits and a 1993 BMW. Sentencing is scheduled for May 1.

Prosecutors called the case the first to target profits derived from use of "botnets," large numbers of computers that hackers commandeer and marshal for various nefarious deeds, their owners unaware that parasitic programs have been installed and are being run by remote control.

Botnets are being used increasingly to overwhelm Web sites with streams of data, often by extortionists. They feed off of vulnerabilities in computers that run Microsoft Corp.'s Windows operating system, typically machines whose owners haven't bothered to install security patches.

As some background, Sunbelt Blog writes:
The incidence of BotNets (or at least, those that were discovered) started increasing enormously in 2004 and continues to rise. According to Symantec's Global Internet Threat Report in 2005, there was a 140% increase in the number of active 'bots observed per day over the previous reporting period.

BotNets have become big business. BotMasters will rent the use of their BotNets for 10 to 25 cents per machine, so that those without the technical savvy to set up their own BotNets can still have the use of one to launch attacks, distribute spam, commit identity theft, or whatever other nefarious activities they wish. Some common 'bot programs include:

  • Agobot/Phatbot/Forbot (there are more than 500 known versions)

  • SDBot/RBot/UrBot (published under the Gnu Public License)

  • GT-Bots (IRC script-based 'bots)

  • Q8 Bot (for UNIX/Linux systems)

  • Perl bots (written in Perl scripting language, also used on UNIX systems)

via Schneier on Security
