Security Experts:

Connect with us

Hi, what are you looking for?


Tracking & Law Enforcement

Darkode Member Admits Selling Access to Spam Botnet

Eric L. Crocker, 39, of Binghamton, New York, pleaded guilty on Monday to one count of violating the CAN-SPAM ACT. The man was a member of the recently dismantled cybercrime forum Darkode.

Eric L. Crocker, 39, of Binghamton, New York, pleaded guilty on Monday to one count of violating the CAN-SPAM ACT. The man was a member of the recently dismantled cybercrime forum Darkode.

According to authorities, Crocker, also known as “Phastman,” was involved in a scheme in which the computers of Facebook users were infected with the Slenfbot worm and a piece of malware dubbed “Facebook Spreader.”

Facebook Spreader was designed to access victims’ Facebook accounts and send their friends messages containing a link. The link pointed to the Slenfbot (Dolbot) worm, which in turn downloaded Facebook Spreader to the newly infected machine. The cycle was repeated to enlist as many computers as possible in a botnet.

The suspect rented the botnet via the Darkode forum to others who used it for sending out “massive amounts of spam.” Court documents show Crocker and his accomplices received between $200 and $300 for every 10,000 active infections. The illegal activities took place between August 2011 and October 2012.

Crocker faces up to three years in prison and a fine of $250,000. Sentencing is scheduled for November 23.

Crocker is one of the 12 individuals charged in connection with Darkode, the hacking forum dismantled by international law enforcement authorities last month. The other defendants are suspected of committing wire fraud, computer hacking, identity theft, money laundering, malware development, carding, extortion, and racketeering.

According to Europol, Darkode had between 250 and 300 members before it was shut down. The U.S. Department of Justice said the forum was brought down after it was infiltrated by FBI agents.

Less than two weeks after authorities made the announcement, someone claiming to be Darkode’s main administrator announced plans to relaunch the forum with new security measures designed to protect the website and its members. A message posted on the new site revealed that most of the staff and senior members were “intact.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe


Russian Vladislav Klyushin made tens of millions of dollars by hacking into U.S. computer networks to steal insider information.


A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...


Google Project Zero has disclosed the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor since when they still...