
Darkode Member Admits Selling Access to Spam Botnet

Eric L. Crocker, 39, of Binghamton, New York, pleaded guilty on Monday to one count of violating the CAN-SPAM Act. The man was a member of the recently dismantled cybercrime forum Darkode.

According to authorities, Crocker, also known as “Phastman,” was involved in a scheme in which the computers of Facebook users were infected with the Slenfbot worm and a piece of malware dubbed “Facebook Spreader.”

Facebook Spreader was designed to access victims’ Facebook accounts and send their friends messages containing a link. The link pointed to the Slenfbot (Dolbot) worm, which in turn downloaded Facebook Spreader to the newly infected machine. The cycle was repeated to enlist as many computers as possible in a botnet.

The suspect rented the botnet via the Darkode forum to others who used it for sending out “massive amounts of spam.” Court documents show Crocker and his accomplices received between $200 and $300 for every 10,000 active infections. The illegal activities took place between August 2011 and October 2012.

Crocker faces up to three years in prison and a fine of $250,000. Sentencing is scheduled for November 23.

Crocker is one of the 12 individuals charged in connection with Darkode, the hacking forum dismantled by international law enforcement authorities last month. The other defendants are suspected of committing wire fraud, computer hacking, identity theft, money laundering, malware development, carding, extortion, and racketeering.

According to Europol, Darkode had between 250 and 300 members before it was shut down. The U.S. Department of Justice said the forum was brought down after it was infiltrated by FBI agents.

Less than two weeks after authorities made the announcement, someone claiming to be Darkode’s main administrator announced plans to relaunch the forum with new security measures designed to protect the website and its members. A message posted on the new site revealed that most of the staff and senior members were “intact.”

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.