A Los Angeles security professional has admitted to infecting more than a quarter million computers with malicious software and installing spyware that was used to steal personal data and serve victims with online advertisements.
John Kenneth Schiefer, 26, variously known online as "acid" and "acidstorm," agreed to plead guilty to at least four felony charges of fraud and wiretapping, charges punishable by $1.75 million in fines and nearly 60 years in prison.
Investigators say Schiefer and two minors -- identified in the complaint only by their online screen names "pr1me" and "dynamic" -- broke into about 250,000 PCs. On at least 137,000 of those infected systems, Schiefer and his cohorts installed programs that allowed them to control the machines remotely. The malicious "bot" programs also allowed the attackers to steal any user names and passwords that victims had saved in Internet Explorer.
