IT DRILLDOWN
SOA
Virtualization
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion
 CIO Consumer IT
 CIO Leader
 CIO Enterprise
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Public Teleconferences
Join CIO Executive Council members and participate in the following live one-hour teleconferences:

* Transforming IT Teams
 September 16

* Global CIOs: How to Lead on the World Stage
September 18

* Social Responsibility's Strategic Benefits
 October 29

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 
News
 

Creator of Nugache Worm Reaches Plea Agreement

 

By Jeremy Kirk

June 30, 2008 — IDG News Service —

The teenage creator of a botnet who used a clever worm to infect PCs and then steal users' personal data has agreed to a plea deal with federal prosecutors in California.

Jason Michael Milmont, of Cheyenne, Wyoming, is expected to plead guilty to one count of accessing protected computers to conduct fraud.

In return, prosecutors with U.S. District Court for the Central District of California will only press for the "low end" of a potential five-year maximum sentence and US$250,000 fine, according to court documents posted the Web site of Milmont's hometown newspaper.

Milmont's scheme is perhaps most notable for the use of a P-to-P (peer-to-peer) protocol to control his botnet, a technique that makes tracing much more difficult for security analysts and law enforcement.

Milmont created what's known as the Nugache worm. He wrapped the worm into Limewire, a P-to-P file-sharing application, and duped victims into downloading the tampered program.

Once a PC was infected, the Nugache worm would then send spam to everyone on a person's AOL Instant Messenger contacts list. The spam included links to fake Web sites Milmont created mimicking MySpace or the Photobucket photo-sharing site. If a user went to the spoofed site, the user would be asked to download a file.

The file was the Nugache worm, which if downloaded and uncompressed, would then start spamming again. Prosecutors estimate that Milmont's botnet comprised 5,000 to 15,000 computers at a time. The botnet was also used to carry out denial-of-service attacks, including one against an online business in southern California.

But Milmont kept updating the malware. The third version had a keylogging function that was capable of collecting form data from Internet Explorer of the computers he controlled. He then perpetuated identity fraud, collecting credit-card numbers and ordering goods.

Milmont also bought phone numbers with Cheyenne area codes from Skype with pilfered credit-card numbers. Those numbers were used to order goods online, which went to a vacant residence in Cheyenne, federal prosecutors said.

As part of the plea deal, Milmont must pay $73,866.36 in restitution.

Copyright © 2008 IDG News Service. All rights reserved. IDG News Service is a trademark of International Data Group, Inc.
Loading...
 
 
CENTER OF EXCELLENCE
 
Security
» New 2008 Report: Outbound Email and Data Loss Prevention in Today's Enterprise
Email, blogging and mobile devices are important business tools, but they expose enterprises to legal, financial and regulatory risks.
» Regulations Shift Focus on Outbound Email Security
Outbound email is essential to running any business today — allowing us to share information, work with partners and even interact with customers.
» Messaging Security Goes Virtual
When it comes to technology investments, virtualization demonstrates drop-dead-obvious ROI.
» Encryption Made Easy: The Advantages of Identity Based Encryption
Growing regulations are pressuring enterprises to find effective, affordable and easy email encryption solutions.
» The Great Email Security Debate: Appliances, SaaS, or Virtual?
Today, there are many ways to approach email security — the question is: what deployment model is right for you?
Center sponsored by

 
 
ABCs
 

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

File Integrity Monitoring: Secure Your Virtual & Physical IT Environments

Consolidation: Just the Starting Point for Virtualization

Maximizing Site Visitor Trust Using Extended Validation SSL

Standalone Server vs. Open Source Toolkits

Getting Off on the Right Foot: Avoiding Common Master Data Management False Starts

The Challenge of Network Access Control -- Is a Managed Service the Answer?

Renowned Engineering Institution Chooses AMD Processor-Based Servers

New research validates telepresence solutions.

Configuration Assessment: Choosing the Right Solution

They Can't Steal What You Don't Have: Smart Security Choices for Mobile Workers

How to Calculate the ROI of Remote Support

31 Best Practices for the Service Desk

Unified Communications Software: The Death of VoIP?

Unify and Conquer: The Benefits of Unified Communications.

Heinz Uses a Wireless, Automated, Auditing process on BlackBerry® devices

Webcast: Solutions to the Toughest IT Challenges in Remote Offices

Network Immunity Manager Video

Dell Latitude: Battery life up to 19 hours. Learn more

Video: 21st Century Networking for a 12th Century Castle

Speed, agility, flexibility - The HP BladeSystem c-Class

Learn about the software-based VoIP solution from Microsoft

Microsoft System Center - Designed For Big

Accelerating ITIL at the Service Desk

Putting Open source to the test

Webcast: Roundtable discusses industry trends for Enterprise Content Management

Protecting Data in a Highly Networked World

How the Mac is Becoming an IT Standard in the Enterprise

Storage Efficiency: The Key to Green Storage Operation

Oracle Database 11g: Real Application Testing & Manageability

Reap the Benefits of Unified Communications

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

Optimizing Infrastructure Control

Effective Security with a Continuous Approach to ISO 27001 Compliance

Best Practices for Providing Secure and Cost-Effective Remote Access

How Does Your IT Help Desk Measure Up?

White Paper: Businesses Thrive by Unifying Business Communications

Getting Network Management Right: A Gartner IT briefing

Sheriff's Office Uses PocketCop to Access Police Databases from BlackBerry® Smartphones

The BlackBerry Solution Adds Significant Benefit to Toshiba

Write an RFP for Master Data Management: 10 Common Mistakes to Avoid

HP Puts Its Disaster-tolerant Capabilities to the Test

SOA Educational Library at the TIBCO SOA Resource Center

TDWI Report shows strong validation for investing in predictive analytics

Cost-Effective Data Center 1U Server Solutions

Secure your virtual and physical environments with the same software

GET YOUR VoIP ONTM! Win 2 Years of Hosted VoIP from Cypress. $100,000 retail value. Enter today!

Virtual Support Technology Delivers Quantifiable Gains in Productivity and Performance

Weigh the trade-offs between outsourcing communications and keeping it on-premise.

Stimulating Innovation: Meeting IT's New Mission