‘Botmaster’ Charged With Profiting From Exploits

An alleged “botmaster” who authorities say had 400,000 machines under his control was arrested in Los Angeles yesterday.

Jeanson Ancheta, 20, installed pop-up adware on the commandeered computers and rented his “botnet” — or network of computers compromised by Trojan horses that allow remote control of the infected machine — to other hackers for profit, prosecutors say. Ancheta is charged with 17 federal counts including accessing a protected computer to commit fraud, attempted transmission of code to a protected computer and transmission of code to a government computer, having allegedly infected the Weapons Division of the U.S. Naval Air Warfare Center in China Lake, Calif. Other charges include conspiracy and money laundering.

Dirty Money

The U.S. Attorney’s office is also seeking to seize almost US$60,000 in profits from the operation as well as a BMW and computer equipment.

Adware companies pay for each installation an affiliate gets; Ancheta became an affiliate of Gammacash and LOUDcash and illegally installed the adware on the computers in his botnet, authorities say.

Arresting a “botmaster” such as Ancheta is not a unique circumstance, but the U.S. Attorney’s Office said this is the first time someone has been prosecuted for using bots to earn money.

Complex Calculations

The scheme was a particularly sophisticated one, one analyst said.

“All in all, the fact that this was financially motivated will probably make the outcome worse for Ancheta,” Ed Moyle, president of SecurityCurve, told TechNewsWorld.

“In the past, this type of activity has been much more tightly aligned with fraud and wreaking havoc,” Moyle noted. “This case, however, was much more sophisticated — he took something he obtained more or less for free and sold it at a profit to the public at large. It’s theft because what he sold [the computing resources of 400,000 machines] did not belong to him.

“Minus the theft part, it’s incredibly shrewd.”

Practice ‘Safe Computing’

Trojan horses are more likely to infect home computers than corporate ones, but as this case shows, no one is immune.

“From a prevention standpoint, one way for individuals to avoid this stuff is to practice ‘safe computing,'” Moyle said. “Keep operating systems patched, keep applications patched and exercise discretion when installing new software. Anti-virus and anti-spyware tools are also a useful protection measure, since they can often detect the rootkit [backdoor] software used by these individuals to maintain control of the machine.”