Nugache botnet mastermind escapes jail

BotnetJason Michael Milmont, the 20-year-old hacker who admitted creating the Nugache worm which created a sophisticated botnet which used peer-to-peer technology, has escaped a prison sentence after co-operating with the authorities.

Milmont from Cheyenne, Wyoming, was sentenced earlier this week to five years of supervised probation and a year in home confinement. That’s a lot lighter than the maximum penalty of five years in jail and a fine of $250,000 he faced before he made a plea agreement.

Of course, this is likely to be little comfort for his thousands of victims, who were comandeered into his botnet between March and September 2007, after visiting a bogus website which claimed to offer a free installation of the peer-to-peer file-sharing program Limewire, but really contained a copy of the Nugache malware.

Milmont also took over compromised computers to send AOL instant messages to victims’ “buddies”, directing them to websites hosting malware. Using stolen bank account information, Milmont ordered goods that were sent to vacant addresses in the Cheyenne area.

Nugache was one of the first botnets to be controlled via P2P technology, making it harder to identify and shutdown the network’s controller. Since then we’ve seen many more botnets run in this way – where once it was possible to disable a botnet by taking down a single server, it can now feel like a Herculean task – cutting off one head only to find that another two have grown to take its place.