In the first U.S. prosecution of its kind, FBI agents arrested a 20-year-old Los Angeles man Thursday on charges that he cracked some 400,000 Windows machines and covertly installed pop-up-generating adware on them, in a scheme that allegedly brought in $60,000 in ill-gotten profits.

Jeanson Ancheta faces a 17-count federal indictment charging him with two counts of conspiracy and various forms of computer intrusion and money laundering. The government is also seeking the seizure of more than $60,000 in cash, a used BMW and some computer equipment from the alleged hacker.

According to prosecutors, in 2004 and early 2005 Ancheta used a customized form of the "rxbot" Trojan horse program to find and take control of large collections of vulnerable PCs, spinning them into "botnets" capable of being directed as one. He then installed ad-delivery programs from two adware firms: Quebec-based Gammacash and LOUDcash, which was purchased by adware giant 180solutions and renamed ZangoCash earlier this year.

Gammacash and 180solutions get their pop-up delivery code onto users' machines through third-party affiliates, which are paid for every fresh install. Adware firms officially require their partners to obtain the user's permission first -- a step unscrupulous affiliates have been known to dispense with.

Ancheta's caper allegedly began in November 2004, when he used a botnet of 26,975 computers to make about $4,000 through Gammacash's affiliate program, and another 8,744 compromised hosts to pull in $1,300 from LOUDcash. He continued cashing checks in the low four figures every few weeks, ultimately earning $58,357.86 from the scheme, according to the indictment.

180solutions spokesman Sean Sundwall confirms that Ancheta was an affiliate. "His installations fell off the cliff in January," says Sundwall. "I don't know if he wised up, or somebody was on to him, or what."

Gammacash did not immediately return a phone call Thursday. The company operates in much the same way as 180solutions, but serves adult-oriented advertising.

As a side business, Ancheta allegedly made nearly $3,000 peddling his botnets to other black hats, for use in launching denial-of-service attacks or laundering spam.

The tendency for 180solutions' adware to show up on people's machines unbidden has long made it a focus of suspicion from the anti-spyware community. But Sundwall says the company has made strong efforts to harden its system against bad actors.

This week, 180solutions announced it had helped Dutch officials crack down on a rogue distributor, and last month the company updated its adware so that the installation click-wrap notification process is presented from the company's own servers, instead of inside the code where it's vulnerable to tampering.

"It was possible for someone to hack the notification-and-consent dialog boxes, which apparently this guy did, and subvert those so it would be installed silently," says Sundwall.

http://www.wirednews.com/news/techno...w=wn_tophead_8

Will be interesting to see the outcome of this case with it being the first of its kind in the US.

Regards,

Lee