The 20-year old leader of the hacking gang has been sentenced to two years in prison and his 28-year old accomplice received an 18 month jail term. They have also been fined 9,000 and 4,000 Euros respectively by the court in the Dutch town of Breda.
Prosecutors claimed that the men ran one of the largest networks of infected computers ever uncovered, which included PCs around the world. Such zombie networks, also known as botnets, are often used to launch distributed denial of service attacks (DDOS) or to launch spam campaigns.
The two men, who have not been identified, used the W32/Codbot worm (also known as Toxbot) to take remote control of innocent users' PCs between June and October 2005, with some versions of the malware capturing keypresses, in an attempt to commit identity fraud by stealing bank account information and credit card numbers.
Several other suspects in the case are still awaiting sentencing.
"Botnets are an international problem -- it is becoming increasingly common for hackers to exploit thousands of computers at once to launch denial-of-service attacks, send unwanted spam or steal from the unwary," said Graham Cluley, senior technology consultant for Sophos. "All types of organization need to put in place proper defenses to ensure their computers do not become part of a botnet. Every PC should be properly defended by up-to-date anti-virus software, firewalls, and the latest security patches."
In both cases the men have already served time in custody equivalent to their sentences, and will not have to spend any more time in jail.
