Fast flux trojan author cops plea bargain
Jason Michael Milmont, the 19-year-old botnet operator and author of the Nugache trojan, has accepted a plea bargain and will shortly plead guilty to one count of computer-assisted fraud. He faces up to five years behind bars, three years' supervised release with restricted access to the internet, a quarter-million-dollar fine and almost $74,000 in restitution.
Officially discovered on 30 April 2006, the Nugache trojan communicates peer to peer on TCP port 8 (IRC). Along with Storm, it is one of the very first Fast Flux trojans. It was initially ranked as relatively low risk – although its damage potential was high, its infection rate was limited. But in December 2007 it was revamped – ostensibly at the behest of the Russian Business Network – and became much more effective as a result, gaining the capacity to evade signature-based antivirus detection.
The plea bargain agreement (PDF) states that Milmont ran a botnet using the Nugache trojan from his home in Wyoming from early March through August 2007. He started out using a trojanised LimeWire installer to spread the pest, but later progressed to using AOL Instant Messenger and bogus image files on community sites. At its peak, Milmont's botnet ran to between 5,000 and 15,000 computers. By its third incarnation, the trojan included a sophisticated data entry logger that could capture banking credentials.
A computing tutor at Laramie County Community College described Milmont as a "good kid" and "extremely intelligent", but somewhat asocial. He is even listed in the college's Fall 2007 Vice President's honor roll. However, this "good kid" was concurrently taking over the computers of complete strangers, capturing their credit card details and stealing from them to the tune of thousands of dollars. To cover his tracks, he went so far as to change his victims' email and telephone contact details on their account profiles to point to systems he owned. Critically for the prosecution, Milmont stole $19,594 after the age of 18. He will shortly appear before a federal court in Cheyenne, Wyoming, and plead guilty under the agreement to a single count under Title 18, United States Code, Section 1030(a)(4) – unauthorised access to a protected computer with intent to defraud.