WIRED Staff
Security

Pop-Up Hacker Gets Nearly Five Years

Jeanson Ancheta, a 21-year-old southern California hacker, was sentenced yesterday to 57 months in prison for using an automated program to hack into some 400,000 PCs and infect them with pop-up generating adware. In 2004 and early 2005, Acheta used a customized “rxbot” Trojan horse program to build a “botnet” of compromised PCs, on which […]

Jeanson Ancheta, a 21-year-old southern California hacker, was sentenced yesterday to 57 months in prison for using an automated program to hack into some 400,000 PCs and infect them with pop-up generating adware.

In 2004 and early 2005, Acheta used a customized "rxbot" Trojan horse program to build a "botnet" of compromised PCs, on which he installed ad-delivery programs from two companies: Quebec-based Gammacash, and LOUDcash, which has since been acquired by adware giant 180solutions.

From my article on Ancheta's indictment last November.

Gammacash and 180solutions get their pop-up delivery code onto users' machines through third-party affiliates, which are paid for every fresh install. Adware firms officially require their partners to obtain the user's permission first -- a step unscrupulous affiliates have been known to dispense with. Ancheta's caper allegedly began in November 2004, when he used a botnet of 26,975 computers to make about $4,000 through Gammacash's affiliate program, and another 8,744 compromised hosts to pull in $1,300 from LOUDcash. He continued cashing checks in the low four figures every few weeks, ultimately earning $58,357.86 from the scheme, according to the indictment.

Ancheta banked another $3,000 by renting out his botnet to black hats for use in launching denial-of-service attacks or laundering spam.

It's good to see prosecutors going after the people who make the internet a worse place for everyone, but five years is a long sentence for a 21-year-old on his first offense. Ancheta is in custody at the federal Metropolitan Detention Center in Los Angeles.