According to Sundwall, CDT shut off Ancheta's LOUDcash tap in January of this year when it finally notice the large number of installations he was being credited with.
Ancheta boasted about the ease with which adware firms could be hoodwinked, the government's indictment said. In an instant message conversation with an unnamed (and unindicted) co-conspirator living in Florida, Ancheta said "it's easy like slicing cheese." Replied the co-conspirator, named only as "SoBe" in the indictment, "I just hope this lc [LOUDcash] stuff lasts a while so I don't have to get a job right away."
Authorities allege that Ancheta received frequent payments from the adware suppliers via check or through PayPal; the biggest check was for nearly $8,000. The bulk of his illegal earnings came from Gammacash.
"My spending average is $600 a week, every friday [sic] I buy new clothes and every week I buy new parts for my car," Ancheta allegedly wrote SoBe in another AIM message.
Ancheta also is charged with another conspiracy that involved selling access to his botnet and/or selling the customized rxbot worm to other hackers who wanted to expand their own bot networks. Payments for such "rentals," however, were miniscule in comparison with the money made by dropping adware on infected PCs. In one incident outlined in the indictment, Ancheta was said to have sold access to 10,000 machines for $400 to a woman who wanted to use them as spam proxies.
Among the machines in Ancheta's botnet were PCs at the Weapons Division of the Naval Air Warfare Center in China Lake, Calif., and computers that belonged to the Defense Information Systems Agency, which is part of the Department of Defense.
If convicted, Ancheta faces up to 50 years in prison.
The government's indictment, which is in PDF format, can be read or downloaded from here.