Darkode Suspect Pleads Guilty Of Selling Botnet Access

A New York man arrested in the crackdown on hacker site Darkode last month pleaded guilty on Monday to a spam-related US federal charge for selling access to computers compromised through Facebook-based malware.

Eric L. Crocker, 29, of Binghamton, New York, was charged with violating the CAN-SPAM Act and faces up to three years in prison, a $250,000 (£160,000) fine or both, according to the US Attorney’s Office for the Western District of Pennsylvania and court doucuments.

Botnet access

Prosecutors alleged that Crocker sold access to a botnet composed of computers infected by malware spread through Facebook accounts. Crocker and his associates were paid from $200 to $300 for every 10,000 infected systems by customers who used the computing power to send high volumes of spam, prosecutors said.

Computers were compromised when a user clicked on a link in a Facebook message sent by a friend who had already been affected. The system would then be infected with malware called Slenfbot or Dolbot, which would download a program called Facebook Spreader.

This would access the user’s Facebook contacts and send out malicious links to other users, according to prosecutors. Crocker, who used the online moniker “Phastman”, helped infect at least 77,000 systems, prosecutors said.

Facebook Spreader was featured on Darkode, and Crocker and others also sold botnet access on the forum, according to prosecutors.

Darkode raids

Crocker is set to be sentenced in the US District Court for the Western District of Pennsylvania on 23 November.

He was one of a number of people charged in July’s takedown of Darkode, in an operation led by the FBI and the US Attorney’s Office in Pittsburgh, working with international law enforcement organisations. Dozens of others in 20 countries were searched, arrested or charged, with arrests taking place in the UK, Sweden and Pakistan.

A 26-year-old man was arrested in Coventry, England, and was subsequently bailed.

Late in July a new version of Darkode reappeared online, with industry observers saying that none of the site’s recent users had been affected by the raids.

Are you a security pro? Try our quiz!