This is an interesting post from Sam Masiello, director of threat management at MX Logic, about the resolution of the criminal case against Jason Michael Milmont.
Milmont, who wrote the Nugache worm, pleaded guilty to one count of unlawfully accessing computers in the District Court for the Central District of California. Milmont, who is all of 19 years old, will pay $74,000 and faces as much as five years in prison.
Masiello's post describes what Milmont did in fairly technical terms. The short version is that he pioneered Fast Flux, the continual changing of the IP addresses so that a botnet is more difficult to find and shut down. Masiello describes a related approach, called Double Flux, in which another key attribute is continually changed to avoid detection. It isn't clear from the post whether this technique was directly developed by Milmont or only is based on his work.
Finally, Masiello describes why Milmont's contribution is important and suggests that though Nugache is small, flux approaches paved the way for bigger problems such as the Storm botnet.
The kinds of problems created by Milmont and others are being address by the Messaging Anti-Abuse Working Group (MAAWG). The group released guidelines for ISPs aimed at slowing spam from botnets. The guidelines are well described in this PC World piece. In general, the story says, the guidelines advise ISPs on how to deal with e-mail sent from dynamic IP addresses and e-mail forwarded to them from elsewhere.
Milmont may be headed to jail and owe enough to make a college loan look puny, but it doesn't detract from his "accomplishment." He and his contemporaries -- who also mostly are kids -- know what they are doing. SiliconRepublic uses Trend Micro numbers to highlight the tremendous growth of botnets. In 2005, the piece says, there were about 2.1 million computers per month enlisted in botnets. By last yet, the average was 10 million.