Nugache Creator: Young, Smart and a Felon

Carl Weinschenk

This is an interesting post from Sam Masiello, director of threat management at MX Logic, about the resolution of the criminal case against Jason Michael Milmont.

 

Milmont, who wrote the Nugache worm, pleaded guilty to one count of unlawfully accessing computers in the District Court for the Central District of California. Milmont, who is all of 19 years old, will pay $74,000 and faces as much as five years in prison.

 

Masiello's post describes what Milmont did in fairly technical terms. The short version is that he pioneered Fast Flux, the continual changing of IP addresses so that a botnet is more difficult to find and shut down. Masiello describes a related approach, called Double Flux, in which another key attribute is continually changed to avoid detection. It isn't clear from the post whether this technique was directly developed by Milmont or is only based on his work.

 

Finally, Masiello describes why Milmont's contribution is important and suggests that though Nugache is small, flux approaches paved the way for bigger problems such as the Storm botnet.

 

The kinds of problems created by Milmont and others are being addressed by the Messaging Anti-Abuse Working Group (MAAWG). The group released guidelines for ISPs aimed at slowing spam from botnets. The guidelines are well described in this PC World piece. In general, the story says, the guidelines advise ISPs on how to deal with e-mail sent from dynamic IP addresses and e-mail forwarded to them from elsewhere.


 

Milmont may be headed to jail and owe enough to make a college loan look puny, but it doesn't detract from his "accomplishment." He and his contemporaries -- who also mostly are kids -- know what they are doing. SiliconRepublic uses Trend Micro numbers to highlight the tremendous growth of botnets. In 2005, the piece says, there were about 2.1 million computers per month enlisted in botnets. By last year, the average was 10 million.



Jul 17, 2008 2:48 AM Gardog Gardog  says:
While the damage done by the botnets themselves is far larger, I think it is worth noting the cost and hassle caused by the defenses required against these vectors for legitimate users. These attacks effectively have required thousands of legitimate users who wished to have email and other servers to put in far more work now that dynamic IPs have become so infamous. It's not just about protecting yourself, but also the tremendous increase in barriers to entry for legitimate businesses, organizations and private users. Five years is not too long, and $74,000 seems like a pittance.
