Goldstein, who used the online nickname Digerati, allegedly worked with an 18-year-old New Zealand man known only by his online nickname, AKILL throughout the first half of 2006 to spread AKILL's bots to computers throughout the Penn State campus. The FBI was alerted to the issue when a computer server on campus crashed and agents were called in to analyze the server, which had been turned into a command and control device for a 50,000-strong botnet.
When an IRC group named Taunet to which Goldstein belonged banned him, he decided to take his revenge on the IRC networks where the group was based, and on a Web server. According to court documents, Goldstein wrote to AKILL "i can get you some good private stuff, i can also pay you to take taunet down," and offered login credentials to university computers in exchange for AKILL's assistance. After the botnet crashed the university server, Goldstein contacted AKILL again, saying "i want taunet taken down, they are starting to annoy me again ... they must stay down for at least a week or so."
Goldstein could not foresee that AKILL would cooperate with police in his New Zealand hometown of Waikato when they came with search warrants and seized his computers.
The Perp: John Schiefer
Pled guilty to: four counts of felony computer fraud crimes
Plea date: Nov. 8, 2007
One of the most notorious of the bot-herders nabbed in Bot Roast II, former computer security analyst John Schiefer, known as acidstorm, faces a maximum prison sentence of 60 years and a $1.75 million fine for operating a botnet of around 250,000 infected computers, installing password-sniffing software on roughly half of them, and then using stolen PayPal credentials to pay for hosting and other resources to help spread his botnet.
Schiefer, now 26, initially used both his home and office computer networks to spread the bots to vulnerable users of instant messaging programs. After victims clicked a link in a message, they became infected. He then used the botnet to foist an adware program from a Dutch company called TopConverting onto the computers of victims, earning 20 cents for each installation. According to the plea agreement, Schiefer admits that he earned more than $19,000 from TopConverting in about two months.
At the same time, Schiefer installed software onto the victims' computers, which scanned their Web traffic for sensitive user names and passwords -- specifically for PayPal and other financial Web sites -- and used that stolen information to pay for domain registrations and Web server space. Another piece of malware spread by the botnet to the victims, psniffer, could pull saved passwords from the Windows Protected Store, a location where the Internet Explorer browser collects passwords that users choose to save for later use, and send that information onward to him.
Prior to his arrest, Schiefer says he learned the error of his ways and stopped managing the botnet. In published interviews, he's said that he hopes his cooperation with law enforcement will help lighten his sentence.
The Perp: Robert Bentley
Indicted for: coding, controlling, and using botnets to defraud an advertising business
Indictment date: Nov. 27, 2007
Not only did Robert Bentley spread and manage botnets, but he's the only member of the Bot Roast II party accused of creating an IRC bot for this purpose. Bentley used his bots to foist adware onto the computers of unsuspecting victims, netting considerable cash in the process.