Application security, Threat Management, Malware

Accused Mega-D botnet operator arrested

A Russian man who is believed to be the operator of the “Mega-D” botnet, one of the largest spam senders in the world, has been arrested and is scheduled to be arraigned on Friday in federal court in Milwaukee. 

Oleg Nikolaenko, 23, of Moscow, faces two charges for allegedly using the Mega-D botnet, which consisted of hundreds of thousands of infected computers, to send billions of spam messages hawking fake Rolex watches, herbal male enhancement remedies and counterfeit prescription medications, according to the 13-page criminal complaint. Nikolaenko was arrested last month in Las Vegas, where he was staying at the Bellagio hotel and attending a car show.

Federal investigators were able to zero in on Nikolaenko with the help of Australian and New Zealand authorities and information provided by co-conspirators of a now-shuttered email marketing and counterfeiting operation dubbed Affking.

A major break for investigators came from an August 2009 guilty plea in federal court in Missouri by Affking co-conspirator Jody Smith, who admitted to selling counterfeit watches and medications, according to the criminal complaint against Nikolaenko. As part of his guilty plea, Smith admitted that he contracted with spammers to solicit customers to purchase the fake merchandise.

Smith led investigators to his Australian co-conspirator, named Lance Atkinson, who eventually provided crucial information linking Nikolaenko to the Affking counterfeit operation, the complaint states. In an interview, Atkinson admitted to posting messages on internet bulletin boards seeking spammers to promote herbal pills. One of his largest affiliates was a Russian who used an ePassoorte online account under the name of “Genbucks_dcent” to accept payment for spam services, Atkinson also revealed.

Investigators were able to determine that “Genbucks_dcent” was Nikolaenko's account through information provided by ePassporte pursuant to a federal grand jury subpoena.

It was also determined that Atkinson made several payments – totaling more than $460,000 – into Nikolaenko's account during a six-month period in 2007.

In its heyday, Nikolaenko's Mega-D botnet was capable of sending more than 10 billion spam email messages per day and accounted for more than a third of all spam, according to the complaint.

Mega-D spam activity has dwindled down over the past few months as its control servers have become unresponsive, according to researchers at security firm M86, which provided assistance to the FBI during its investigation of Nikolaenko's Mega-D botnet. Several other security companies, including FireEye and Secure Works, also aided investigators.

“It's encouraging to see law enforcement agencies going after these bot-herding criminals,” Phil Hay, lead security researcher with M86 Security wrote in a blog post Thursday. “Identifying and incapacitating the individuals behind the malware is one of the best ways to keep these giant spam-spewing systems in check.”

The disruption of Mega-D is a positive step, but other botnets are already stepping up to fill the void, Joe Stewart, director of malware analysis for SecureWorks' Counter Threat Unit security research team, told in an email Wednesday.

“We still have a long way to go in the fight against spam,” he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.