Nugache Worm Author Pleads Guilty

Jason Michael Milmont, the author of the Nugache worm, and the creator of what came to be known as "Fast Flux" has plead guilty to one count of unlawfully accessing computers, a felony, in a Wyoming federal court.

Fast Flux is an abuse of the domain name system (DNS) by which botnets will continually rotate the IP addresses associated with a malware infected web site to evade detection and forensic analysis.  This constant mobility makes the botnet very difficult to shut down.

There is also an evasion tactic called "Double Flux" which is similar to Fast Flux in that it will not only rotate a domain's responding IP addresses, but also that domain's authoritative name servers.  The reason that it is called "Fast" flux is because these IP addresses will rotate as often as every couple of minutes.
The Nugache worm was used to launch distributed denial of service (DDoS) attacks as well as steal personal information such as credit card numbers from the computers that were infected with Nugache.  It has been estimated that controlled up to as many as 15,000 on his botnet.

Under the terms of his deal Milmont has agreed to pay approximately $74,000 in damages and faces up to five years in federal prison. 

In my opinion, this story is only significant because of Milmont's contribution to the botnet community with how his Nugache worm used peer-to-peer networking technology and fast flux in order to create a fully redundant, interconnected network to prevent his botnet from easily being shut down.  The size of the Nugache botnet (about 15,000 computers) pales in comparison to some of the botnets that we are seeing today, but the work done by Milmont paved the way for worms like Storm which heavily relied on fast flux to stay alive.