US 'botmaster' faces up to 60 years prison

Summary:A Los Angeles man is facing up to 60 years in prison and fines of up to US$1.75 million after admitting to infecting at least 250,000 PCs with information-stealing malware.

A Los Angeles man is facing up to 60 years in prison and fines of up to US$1.75 million after admitting to infecting at least 250,000 PCs with information-stealing malware.

By day, 26-year-old John Kenneth Schiefer worked as a security consultant for the company 3G Communications. By night he operated a 250,000 PC botnet, which US federal prosecutors are claiming he used to steal information and money from users of eBay's online banking service, PayPal.

The malicious software developed by Schiefer accessed the Windows system feature "Protected Store", which encrypts and stores passwords for online accounts.

Investigators are yet to determine the full amount of money stolen from victim's accounts.

Schiefer also distributed software on behalf of a Dutch Internet advertising company, Simpel Internet. He installed the software on 150,000 computers, netting him US$19,000 in commissions, but did so without the user's consent.

The botnet created by Schiefer is relatively small compared to other notorious malware distributions. Some estimates of the size of a botnet associated with the Storm worm suggest up to 20 million PCs.

Schiefer is pleading guilty to four charges of fraud and wiretapping and is expected to be arraigned on 3 December.

Topics: Malware

About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.