Internet Domain Registry

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, 30 June 2008

19 years old and headed to prison

Posted on 13:03 by Unknown
Jason Michael Milmont, of Cheyenne, Wyoming, may be only 19 years old, but he's already a very successful cybercriminal. In this Los Angeles FBI Press Release, Milmont confessed to controlling between 5,000 and 15,000 remote victims' computers, which he infected through modified versions of Limewire, and through Instant Message spam messages which lead users to infected websites. Links he placed on MySpace and PhotoBucket were also used to spread his malware.

In January, sources such as ComputerWorld were calling Nugache a challenger to the Storm Worm for its virility, and implied that hackers "tied to the Russian Business Network" may be responible for an upgraded version. Nugache was one of the first botnets to be controlled via a Peer to Peer or distributed interface. Lacking a central Command & Control made it more difficult to identify the real controller of the network.

Milmont confessed to being the programmer -- so, it was a 19 year old in Wyoming, rather than a Russian boogie man in this case. Using a graphical user interface Milmont created, he could easily harvest the stolen credentials which the Nugache worm was gathering from his victims as they logged in to their banking and credit card sites. Infected machines could be remotely upgraded to receive new versions of the malware. The third version added the key-logging software to the malware kit.

Although Milmont harvested many credentials, he is only being asked to pay $73,866.36 in restitution, for purchases made using the stolen credit cards. Milmont shipped packages to vacant addresses where he then picked the packages up himself.

Jason studied computers at Laramie County Community College in Cheyenne. One of his instructors there, Roger Findley, described him as extremely intelligent but socially awkward.

By pleading guilty, Milmont will only be charged with a single count of a violation of 1030 (a)(4), accessing a computer without authorization with intention to defraud and obtain a thing of value. The maximum sentence to that plea would be 5 years and a $250,000 fine.

View the 22 page plea agreement here.


Links:

http://www.theregister.co.uk/2008/06/28/nugache_creator_plea_agreement/
Email ThisBlogThis!Share to XShare to Facebook
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • 2009 Year in Review
    As 2009 comes to a close I wanted to take a minute to thank all of the people who have been helpful to this blog this year, and to share bac...
  • Top Brands Imitated by Malicious Spam
    WebSense recently released an InfoGraphic titled "Top Five Subject Lines in Phishing Emails." for January 1, 2013 through Septemb...
  • New BBC spam mocks Georgia's President, Spreads New Virus
    This morning we've received more than 300 copies of a new "BBC" spam campaign which mocks Georgia's President and spreads ...
  • A New Year and Anti-Virus Products Are Still Losing
    One of our most popular blog posts in 2008 was back in August - Anti-Virus Products Still Fail on Fresh Viruses . I'm sad to report tha...
  • Digital Certificates Update
    A quick update from the previous post. The Digital Certificates spam campaign against Merrill Lynch continues, but the good guys seem to be ...
  • ATM Cashers in 26 Countries steal $40M
    CBS News in New York has a video on their website this morning title Cyber-attacks behind possibly record-breaking bank heist . Former FBI ...
  • Amero to Replace Dollar? Could Storm Worm Be Right?
    According to the newest version of the Storm Worm, the Amero is about to replace the dollar: The U.S. Government began to realize the plan t...
  • FAL$E HOPE$ @ CHRI$TMA$
    FAL$E HOPE$ was a Federal Trade Commission operation announced on December 12, 2006, which cracked down on Bogus Business Opportunities. C...
  • New Year's Waledac Card
    We haven't seen a new version of Waledac since Independence Day (July 4, 2009), but it looks like its back! I'm on vacation today, s...
  • Minipost: NY Zeus "At Large" Codreanu and Adam captured
    We've previously posted about the FBI's Operation ACHing Mule (that's A-C-H as in Automated-Clearing-House, the way American ba...

Categories

  • china
  • computer security careers
  • conficker
  • cyberwar
  • digital certificates
  • facebook
  • fake av
  • gumblar
  • koobface
  • law enforcement
  • malware
  • pharmaceuticals
  • phishing
  • public policy
  • spam
  • twitter
  • twitter malware
  • waledac
  • zbot

Blog Archive

  • ►  2013 (21)
    • ►  December (4)
    • ►  November (1)
    • ►  October (1)
    • ►  September (1)
    • ►  August (3)
    • ►  July (1)
    • ►  June (1)
    • ►  May (5)
    • ►  April (3)
    • ►  March (1)
  • ►  2012 (18)
    • ►  August (1)
    • ►  June (1)
    • ►  May (7)
    • ►  April (2)
    • ►  March (7)
  • ►  2011 (28)
    • ►  November (3)
    • ►  October (1)
    • ►  August (4)
    • ►  July (6)
    • ►  June (1)
    • ►  May (2)
    • ►  April (2)
    • ►  March (6)
    • ►  February (1)
    • ►  January (2)
  • ►  2010 (80)
    • ►  December (6)
    • ►  November (10)
    • ►  October (6)
    • ►  September (12)
    • ►  August (5)
    • ►  July (4)
    • ►  June (11)
    • ►  April (7)
    • ►  March (8)
    • ►  February (4)
    • ►  January (7)
  • ►  2009 (92)
    • ►  December (12)
    • ►  November (11)
    • ►  October (16)
    • ►  September (7)
    • ►  July (5)
    • ►  June (10)
    • ►  May (2)
    • ►  April (6)
    • ►  March (7)
    • ►  February (6)
    • ►  January (10)
  • ▼  2008 (101)
    • ►  December (7)
    • ►  November (17)
    • ►  October (11)
    • ►  September (10)
    • ►  August (22)
    • ►  July (12)
    • ▼  June (3)
      • 19 years old and headed to prison
      • Chinese Hackers hit Congress?
      • A Romantic June Storm
    • ►  May (7)
    • ►  April (5)
    • ►  March (2)
    • ►  February (1)
    • ►  January (4)
  • ►  2007 (31)
    • ►  December (3)
    • ►  November (9)
    • ►  October (3)
    • ►  September (2)
    • ►  August (5)
    • ►  July (5)
    • ►  January (4)
  • ►  2006 (5)
    • ►  December (2)
    • ►  October (3)
Powered by Blogger.

About Me

Unknown
View my complete profile