FBI issue warrant for Russian Mega-D botnet controller

[nsane.forums]

23 year old accused of sending third of world's spam

A Russian man has been charged with running the Mega-D botnet, which was at one time producing around a third of the world’s spam.

According to an FBI affidavit [PDF] Oleg Nikolaenko, 23, took millions of dollars from companies looking to advertise fake Rolexes, herbal remedies and counterfeit medicine and at one point sent 32 per cent of the world’s total spam emails. He was arrested at the Bellagio Hotel in Las Vegas this month and will appear in court in Milwaukee this week.

The affidavit states that Nikolaenko has run the Mega-D botnet from January 2007, sending billions of spam emails for a variety of products and raked in hundreds of thousands of dollars at a time.

The FBI got its fist lead when it arrested Jody Smith, a Kansas fake Rolex dealer. He turned over Australian Lance Atkinson, who sold herbal remedies and fake medicine online. Atkinson said he paid nearly half a million dollars to a third party known as "Docent’ for spam advertising, with Smith also paying large sums.

After establishing a link with Docent’s financial records the FBI got subpoenas and search warrants for two Gmail accounts associated with the name. These showed Nikolaenko had the necessary command and control files for the Mega-D botnet and gave access to his travel plans.

The FBI tracked Nikolaenko as he flew into Los Angeles on his twenty second birthday last year and stayed for ten days. A second visit in October was cut short after researchers at Fireye infiltrated the Mega-D botnet and shut it down. The affidavit notes Nikolaenko flew home shortly afterwards and the botnet was back in operation two weeks later.

After taking its case to court the FBI finally arrested Nikolaenko at the Speci alty Equipment Market Association (SEMA) car exhibition in Las Vegas for offences under the CAN-SPAM Act. Mega-D operations have died away since his arrest.

The affidavit provided an interesting insight into the way law enforcement works with the technology industry, It notes that the help of SecureWorks was vital in decoding false headers to reveal Nikolaenko’s contact details, as was Google’s in handing over emails.

It also showed the business sophistication of the industries supporting spam. Sellers weren’t just relying on spam to sell products, but used an 80:20 advertising mix between spam and display advertising.

View: Original Article