Interesting details emerged today regarding the Mega-D botnet. The FBI has identified the Russian Oleg Nikolaenko as the operator of the botnet and has filed papers with a US District Court for his arrest. Brian Krebs from KrebsOnSecurity has a good article on the issue here, including a link to the court documents.
M86 Security Labs has monitored the Mega-D botnet closely ever since we noticed huge volumes of spam emanating from it in early 2008. In fact we originally dubbed it Mega-D because of its numerous and distinctive “Megadik” spam campaigns at that time. Mega-D has since had its ups and downs as various researchers and law enforcement authorities took an ever greater interest in it. The timeline below lists the blog entries we have published on events relating to Mega-D over time.
The court document makes interesting reading. The FBI found Nikolaenko through data revealed in the 2008 US Federal Trade Commission investigation into Affking, the affiliate program linked to Genbucks that was responsible for “Megadik” and other similar brands. M86 Security Labs provided assistance to the FTC and New Zealand authorities in that original investigation. Between 6 June 2007 and 14 December 2007, payments totalling around $465,000 were made by Affking into an ePassporte account registered to Nikolaenko for spamming services.
Over the last few months, Mega-D spam activity has dried up and its control servers have become non-responsive. It no longer features in our spam tracking statistics. In reality, Mega-D has been on the decline for some time, probably as a result of all the attention from researchers and the authorities.
It’s encouraging to see law enforcement agencies going after these bot-herding criminals. Identifying and incapacitating the individuals behind the malware is one of the best ways to keep these giant spam-spewing systems in check.
Timeline:
February 2008: Spam from botnet “Mega-D” constituted 32% of spam; malware identified and control servers disabled
February 2008: Mega-D recovers and resumes spamming
October 2008: FTC initiates action against AffKing affiliate program
November 2008: McColo takedown halts operations on Mega-D and other spamming botnets
December 2008: Mega-D resumes spamming
November 2009: Mega-D operations disrupted by FireEye
February 2010: Mega-D resumes spamming…again
December 2010: FBI identifies Mega-D’s operator
