COURT DOC: “Botherder” Dealt Record Prison Sentence for Selling and Spreading Malicious Computer Code

Concluding the first prosecution of its kind in the United States, a well-known member of the ‘botmaster underground’ was sentenced this afternoon to nearly five years in prison for profiting from his use of botnet’s “armies of compromised computers” that he used to launch destructive attacks, to send huge quantities of spam across the Internet and to receive surreptitious installations of adware.

Ancheta pleaded guilty in January to conspiring to violate the Computer Fraud Abuse Act, conspiring to violate the CAN-SPAM Act, causing damage to computers used by the federal government in national defense, and accessing protected computers without authorization to commit fraud. When he pleaded guilty, Ancheta admitted using computer servers he controlled to transmit malicious code over the Internet to scan for and exploit vulnerable computers. Ancheta caused thousands of compromised computers to be directed to an Internet Relay Chat channel, where they were instructed to scan for other computers vulnerable to similar infection, and to remain ‘zombies’ vulnerable to further unauthorized accesses.

Ancheta further admitted that, in more than 30 separate transactions, he earned approximately $3,000 by selling access to his botnets. The botnets were sold to other computer users, who used the machines to launch distributed denial of service (DDOS) attacks and to send unsolicited commercial email, or spam. Ancheta acknowledged specifically discussing with the purchasers the nature and extent of the DDOS attacks or proxy spamming they were interested in conducting. Ancheta suggested the number of bots or proxies they would need to accomplish the specified acts, tested the botnets with them to ensure that the DDOS attacks or proxy spamming were successfully carried out, and advised them on how to properly maintain, update and strengthen their purchased armies.

In relation to the computer fraud scheme, Ancheta admitted generating for himself and an unindicted co-conspirator more than $107,000 in advertising affiliate proceeds by downloading adware to more than 400,000 infected computers that he controlled. By varying the download times and rates of the adware installations, as well as by redirecting the compromised computers between various servers equipped to install different types of modified adware, Ancheta avoided detection by the advertising affiliate companies who paid him for every install. Ancheta further admitted using the advertising affiliate proceeds he earned to pay for, among other things, the multiple servers he used to conduct his illegal activity. (Source: U.S. Department of Justice)