FBI Busts Alleged Mega D Botnet Mastermind

Russian citizen Oleg Nilolaenko, arrested at a Las Vegas automotive show last month, is charged with operating botnet that in its heyday generated one-third of the world's spam.

Mathew Schwartz

December 2, 2010

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Strategic Security Survey: Global Threat, Local Pain

Strategic Security Survey: Global Threat, Local Pain


Strategic Security Survey: Global Threat, Local Pain (click image for larger view and for full slideshow)

According to the Milwaukee-Wisconsin Journal Sentinel, Federal Bureau of Investigation agents last month arrested the alleged mastermind behind the Mega-D botnet, named as Oleg Nikolaenko, a 23-year-old Moscow resident.

The Journal Sentinel reported, "agents from the FBI and the Federal Trade Commission had been tracking Nikolaenko's activities since at least 2007." Ultimately, he was arrested on November 4 while visiting Las Vegas to attend an automotive trade show and indicted on November 16 on one charge of violating the 2003 Can-Spam (Controlling the Assault of Non-Solicited Pornography and Marketing) Act. The timing and place of the arrest wasn't coincidental, since the Russian constitution forbids the extradition of its citizens.

The disclosure of the arrest followed The Smoking Gun's publication on Tuesday of an affidavit sworn last month by an FBI agent, which revealed that an ongoing grand jury probe was targeting Nikolaenko for violations of not only Can-Spam, but also for "abetting violations of the mail and wire fraud statutes."

The FBI Special Agent in question appears to be computer crime investigator Brett Banner, who transferred from Detroit to Milwaukee last year, said the Journal Sentinel.

According to the affidavit, the Mega-D botnet was used to send billions of scam emails per day on behalf of online criminals touting "herbal diet pills, male enhancement pills, and... counterfeit watches." Two such criminals, Jody Smith and Lance Atkinson, ultimately detailed their financial dealings with Nikolaenko to authorities. Atkinson, in particular, transferred $450,000 in commissions to Nikolaenko between June 2007 and December 2007 via online payment provider ePassporte. Finally, according to the Journal Sentinel, a subpoena of Nikolaenko's Gmail account revealed samples of malware similar to Mega-D.

Mega-D was forced offline in 2009 as a side project by employees at FireEye, an anti-botnet firm which develops equipment designed to detect suspicious network behavior.

But like so many botnets, Mega-D bounced back, ultimately generating 17% of all global spam at the end of 2009, according to M86 Labs. Earlier this year, however, researchers uncovered new weak links in the Mega-D command and control protocols, providing security firms with new techniques for defending against the botnet and fingerprinting infected machines.

Currently, Mega-D typically generates less than 5% of global spam, according to M86 Labs.

About the Author

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights