Security Bytes

Jul 1 2008   3:46PM GMT

Alleged Nugache author takes plea deal

David Schneier David Schneier Profile: David Schneier

A Wyoming teenager has signed a plea agreement that lays out the details of his role in creating and deploying the Nugache malware that was used to establish a large dynamic botnet that some researchers said was among the more dangerous networks on the Internet. Jason Michael Milmont, 19, of Cheyenne, used his botnet to launch DDoS attacks, steal credit card and bank account data and then later went on online shopping sprees, racking up thousands of dollars in damages to his victims, the government alleges.
In the plea agreement, signed in late June, federal authorities describe several methods that Milmont used to disseminate Nugache, including embedding it into copies of the Limewire software and infecting users’ PCs through IM spam. If a user clicked on the malicious message, he would be sent to a spoofed site where he would be forced to download a file containing the Nugache code. Milmont allegedly used the stolen card numbers to order goods, which he had delivered to various addresses in Cheyenne. Authorities say that Milmont has agreed to pay more than $73,000 in restitution as part of the plea deal. He also faces up to five years in prison.
Nugache is one of several pieces of malware that have surfaced in recent years and seem built for the express purpose of constructing large-scale botnets. Estimates of the size of these networks vary wildly, but Milmont’s plea deal says the Nugache botnet ranged between 5,000 and 15,000 machines at any one time. That’s a good-sized corporate network, even on the low end.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: