Perp: Jeanson James Ancheta
Status: Convicted (pleaded guilty to all charges), in prison
Dossier: When the Feds boasted in November 2005 that they had arrested "a well-known member of the 'botmaster underground,' " they beefed up Jeanson James Ancheta's hacker cred substantially more than he deserved. In reality, Ancheta was little more than a greedy script kiddie -- one whose greatest weakness was to bite off more than he could chew.
Ancheta employed a version of the RBot Trojan horse that he'd modified and distributed to, authorities alleged, 400,000 victim PCs, aka zombies, each of which became a member of his botnet. (For the uninitiated, a bot permits the botnet host to remotely control, fairly comprehensively via an extensive set of commands, the infected PC on which it runs.) Ancheta then hired out his botnet as a resource for distributing spam, stealing credentials from victim PCs, and launching DDoS attacks -- standard operating procedure for your typical botnet-host scumbag.
Now, the efficacy of a botnet hinges on the bot staying under the radar on infected PCs. Unless the victim who owns an infected PC performs regular anti-malware scans or knows enough about malware to know what to look for, a bot can run undetected for months, precisely because it is built to call as little attention to itself as possible. Not so, Ancheta.
Unsatisfied with tidy spam sums, Ancheta sought to boost his monthly botnet booty by becoming an adware affiliate. With the easy ability to install customized adware clients on any of 400,000 machines under his direct, total control, what's not to like about that plan? How about a direct transition from anonymity to infamy, thanks to the fact that adware, as we all know by now, calls attention to itself quite dramatically.
It's one thing if your infected PC is running a bot that's spamming the rest of the Internet -- at least you can still get your news headlines from Fark. But once the ads for male enhancement pills and cheap credit start popping up, all hell breaks loose, because people want to know, How did this adware get on my system? Before you know it, the bots start coming down. What's ironic is that Ancheta wasn't aware of how well he'd distributed the bots: Male enhancement ads started popping up on computers at the Naval Air Warfare Center Weapons Division in China Lake, Calif., and at the Defense Information Systems Agency, arousing the attention of the FBI. Doh!
Upshot: Ancheta did make a fairly substantial sum distributing adware to his zombie army. Federal authorities confiscated $60,000 and a BMW he allegedly bought with his botnet earnings. Not bad, kid. Now here's your jumpsuit and prison cell.