Man Pleads Guilty to Rolling Own Botnet

A man, Anthony Scott Clark, rolled his own botnet, using a worm to take over 20,000 computers, which he then used to launch a distributed denial of service (DDoS) attack on eBay and others in July and August 2003. Now he has pleaded guilty in U.S. District Court in San Jose, on 27 December 2005. He could get 10 years in prison, a quarter-million-dollar fine, etc., notes Paul Ferguson.

It’s good that a bot herder got caught and may get time. But this one was unusual, indiscreet, and probably easier to catch than most.

Apparently he actually sent the worm out himself and used the resulting very large botnet himself. Most bot herders don’t do that. They use off-the-shelf software, they build smaller botnets, and they sell access to them to third parties, who then use them for spamming, phishing, pharming, DDoS, or whatever. So this guy stuck his head up too high and got caught. Let’s see some harder cases get caught, too.

The worm used a Windows bug; no surprise. Once again, software diversity would make this sort of thing more difficult.

The worm was controlled via Internet Relay Chat (IRC), the bot herder’s communication medium of choice. Nothing new in that.

Any convictions of bot herders may help convince them to move on to some safer field of crime, but the law is still a slow blunt instrument and this time caught only the most obvious of suspects.

-jsq