Wired’s Threat Level blog is reporting that a 27-year old Los Angeles man was sentenced to four years in prison after pleading guilty last year to infecting as many as 250,000 computers and stealing thousands of peoples’ identities and hijacking their bank accounts.
From the article:
[John] Schiefer, who went by the online handle “acidstorm,” faced as many as 60 years in prison and acknowledged using a botnet to remotely control computers across the United States. Once in control of the computers, his spybot malware allowed him to intercept computer communications. He mined usernames and passwords on accounts such as PayPal and made purchases totaling thousands of dollars without consent.
The authorities said he worked by day as an information security consultant with 3G Communications.
More on the charges in this complaint (.pdf)