Teenager confesses to being Nugache botnet mastermind
Worm author confesses after FBI investigation
Posted by Sophos, 30 June 2008
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have welcomed news that a teenager has confessed to controlling thousands of computers in an illegal botnet.
19-year-old Jason Michael Milmont, of Cheyenne, Wyoming, has admitted to being the programmer of the Nugache malware which infected Windows computers, turning them into a sophisticated botnet for illegal purposes such as identity theft.
Milmont operated the botnet between March and September 2007, having set up a bogus website which claimed to offer a free installation of the peer-to-peer filesharing program Limewire. However, the program was secretly infected by Milmont with the Nugache malware. He also took over infected computers to send AOL instant messages to victims' "buddies", directing them to websites hosting malware.
Milmont used stolen bank information to take over victims' accounts and order goods to be sent to vacant addresses in the Cheyenne, Wyoming area.
Nugache was one of the first botnets to be controlled via P2P technology, making it harder to identify and shut down the network's controller. On average, Milmont controlled between 5,000 and 15,000 compromised PCs at any one time.
"There was speculation that a Russian criminal mastermind must be behind the Nugache malware attack, so it may surprise some to see a teenager from Wyoming taking the rap for this cybercrime," said Graham Cluley, senior technology consultant for Sophos. "Regardless of who was responsible for the botnet, the fact remains that innocent people had their computers broken into, and money stolen from their accounts. The authorities should be applauded for bringing another cybercriminal to justice."
For his offences, Milmont can receive a maximum sentence of five years in jail and a fine of $250,000, but as he has entered into a plea agreement this is likely to be taken into account by the authorities when sentencing. Milmont has agreed to pay $73,866 in restitution.
Sophos experts report that this is just the latest in a string of arrests made by police around the world in their fight against organized cybercriminals. For instance, earlier this month Sophos reported on how it had worked with the international cybercrime-fighting authorities to bring an American botnet master to justice.