A New York man pleaded guilty Monday to one federal spam-related charge for selling access to a botnet of Facebook accounts on a now-shuttered cybercriminal forum.
Eric L. Crocker, 29, of Binghamton, New York, could face up to three years in prison and a US$250,000 fine, according to the U.S. Attorney's Office for the Western District of Pennsylvania. He was charged with violating the CAN-SPAM Act, according to a court document.
Crocker was accused of selling access to a botnet he and others built of compromised Facebook accounts, according to the indictment. His customers used the access to send high volumes of spam.
Crocker and others were paid between $200 to $300 for every 10,000 compromised computers, prosecutors alleged.
A computer became infected if a user clicked on a link in a Facebook message sent by one of their friends who had been previously infected. Their computer would be infected with Slenfbot or Dolbot, a malware program that would then download another harmful program called the Facebook Spreader.
That code would access the victim's Facebook contacts and send out more messages with malicious links.
Facebook Spreader was featured on Darkode, a long-running secretive cybercriminal forum that was shut down by law enforcement last month.
More than 70 people in 20 countries were either searched, arrested or charged after the FBI gained access to the forum.
Crocker will be sentenced in the U.S. District Court for the Western District of Pennsylvania on Nov. 23.