Jeanson James Ancheta, of Downey, Calif., had been arrested in November by the FBI and charged with 17 counts of conspiracy, computer damage, fraud, and money laundering.
On Monday, he pleaded guilty to four counts of conspiring to violate the Computer Fraud Abuse Act, conspiring to violate the CAN-SPAM Act, causing damage to federal computers, and accessing protected computers without authorization. He could face as many as 25 years in prison, although prosecutors said it was more likely he'd spend 4 to 6 years behind bars.
According to the FBI and federal prosecutors, Ancheta used a variation of the "rdbot" bot worm to infect up to 400,000 PCs, then rented out the resulting botnet to others to spew spam or launch denial-of-service (Dos) attacks. He also illegally installed adware from companies since acquired by 180solutions on the compromised computers to generate click-ad affiliate revenues.
His take from renting the botnet to spammers and criminals was only $3,000, federal authorities said, but he raked in over $60,000 as an adware affiliate.
In addition to the jail time he faces, Ancheta will have to pay $15,000 in restitution to the Weapons Division of the U.S. Naval Air Warfare Center in China Lake, Calif., and the Defense Information Systems Agency, whose systems were infiltrated. He will also have to hand over $60,000 in cash, a BMW, and computer hardware.
Ancheta will be sentenced May 1.
Other botnet operators, sometimes called "botnet herders," have been arrested, but not brought to trial. In October 2005, for example, Dutch authorities nabbed three men who had allegedly collected 1.5 million PCs into a massive botnet they used in a DoS extortion attempt against adware purveyor 180solutions.
The original 52-page indictment against Ancheta that was filed by the U.S. Attorney's office in November can be downloaded in PDF format from here.