Zombie master Jeanson Ancheta sentenced to 5 years in prison

May 09, 2006

Jeanson James Ancheta, 21, was sentenced to nearly five years in federal prison for using malicious software to seize control of 400,000 computers and then selling access to the zombie machines to spammers and hackers.

Prosecutors said the 57-month sentence for Ancheta, a well-known member of the "Botmaster Underground," was the longest ever handed down for spreading computer viruses. The case also marked the first federal prosecution for using such hacking methods for financial gain.

During the sentencing hearing, U.S. District Judge R. Gary Klausner characterized Ancheta's crimes as "extensive, serious and sophisticated."

Ancheta pleaded guilty in January to conspiring to violate the Computer Fraud and Abuse Act, conspiring to violate the CAN-SPAM Act, causing damage to computers used by the federal government in national defense, and accessing protected computers without authorization to commit fraud. When he pleaded guilty, Ancheta admitted using computer servers he controlled to transmit malicious code over the Internet to scan for and exploit vulnerable computers.

According to the feds, Ancheta built his botnet armies of compromised computers by infecting thousands of computers with a variant of the rxbot Trojan horse, which caused the computers to become part of the bot network without the knowledge or consent of their owners.

The botnets, each with thousands of Internet-connected computers, then reported to an Internet Relay Chat channel Ancheta controlled, where they were instructed to scan for other computers vulnerable to similar infection, and to remain zombies vulnerable to further unauthorized accesses.

Ancheta advertised his botnets online under the heading "botz4sale." After receiving payment from customers, Ancheta would allegedly give customers control of enough botnets to accomplish their specified task, along with an instruction manual, according to prosecutors.

The botnets were sold to other computer users, who used the machines to launch distributed denial of service (DDOS) attacks and to send spam. Ancheta acknowledged specifically discussing with the purchasers the nature and extent of the DDOS attacks or proxy spamming they were interested in conducting. Ancheta suggested the number of bots or proxies they would need to accomplish the specified acts, tested the botnets with them to ensure that the DDOS attacks or proxy spamming were successfully carried out, and advised them on how to properly maintain, update and strengthen their purchased armies.

Ancheta acknowledged that in more than 30 transactions, he earned $3,000 by renting out bots to spammers or people who wanted to perform denial-of-service attacks.

According to the indictment, Ancheta at one point told an associate, "it's immoral, but the money makes it right."

In relation to the computer fraud scheme, Ancheta admitted generating for himself and an unindicted co-conspirator more than $107,000 in advertising affiliate proceeds by downloading adware to more than 400,000 infected computers that he controlled. By varying the download times and rates of the adware installations, as well as by redirecting the compromised computers between various servers equipped to install different types of modified adware, Ancheta avoided detection by the advertising affiliate companies who paid him for every install. Ancheta further admitted using the advertising affiliate proceeds he earned to pay for, among other things, the multiple servers he used to conduct his illegal activity.

Following the prison term, Ancheta will serve three years on supervised release. During that time, his access to computers and the Internet will be limited, and he will be required to pay approximately $15,000 in restitution to the Weapons Division of the United States Naval Air Warfare Center in China Lake and the Defense Information Systems Agency, whose national defense networks were intentionally damaged by Ancheta's malicious code.

The proceeds of Ancheta's illegal activity, including more than $60,000 in cash, a BMW automobile and computer equipment, have been forfeited to the government.

Addressing the defendant at the conclusion of the sentencing hearing, Judge Klausner said: "Your worst enemy is your own intellectual arrogance that somehow the world cannot touch you on this."

This case was investigated by the Los Angeles Field Office of the Federal Bureau of Investigation, which received assistance from the Southwest Field Office of the Naval Criminal Investigative Service and the Western Field Office of the Defense Criminal Investigative Service.
