Hacker Distributes Malware to Commit Online Fraud

A Computer Security Advisor for 3G Communications, John Schiefer, was charged of planting malware on users' computers without their knowledge, so that he could capture their personal information, commit identity theft and conduct bank and wire fraud, according to the US Department of Justice and US Attorney Office.

26-year-old Schiefer said it was true that he, along with some others, developed a malicious code with which they infected around 250,000 computers and created a botnet. Schiefer named his malware "Spybots", which he installed on protected PCs to intercept the computer owners' private communications with banks, like PayPal bank accounts.

The botnet that Schiefer created is comparatively small than other notorious malware-infected botnets. For instance, the Storm Worm botnet has as many as 20 Million infected computers.

Schiefer and his associates would use the recorded communications to determine the user's username, password and account number. Armed with that information, he would illicitly reach their accounts, withdraw money and spend it on personal purchases while the actual owner never realizes anything. Schiefer installed the malware mostly on computers with Microsoft operating systems like Windows. He would then make illegal access to stored information of usernames and passwords that the operating system would keep in a protected area on the hard drive known as the PStore.

Schiefer, who has also worked as a consultant for a Dutch online advertising firm, used his malware there too and made fraudulent earnings of over $19,000. According to the contract with the firm, he was required to load the company's software on computers of people who wanted that program. This was an opportunity that Schiefer and his partners leveraged to infect 150,000 PCs with his malicious software.

According to the US Attorney's Office for California, Schiefer's case is the first instance where prosecutors are dealing with a hacker involved in this kind of unlawful activity. The Federal Bureau Investigation, which probed into the crime, nabbed Schiefer on four counts of federal charges.

Schiefer faces a maximum sentence of 60 years in jail and a $1.75 Million fine. He is scheduled to appear before court in late November 2007.

Related article: Hacker & Virus in MySpace

» SPAMfighter News - 11/26/2007