Feeds

Feds pursue Russian, 23, behind ⅓ of ALL WORLD SPAM

Badges pursue bot cowboy who mustered huge Mega-D herd

The Power of One eBook: Top reasons to choose HP BladeSystem

FBI investigators have named a 23-year-old Russian as a prime suspect behind the operation of the infamous 500,000 Mega-D botnet, blamed for an estimated one in three spam emails prior to a take-down operation early last year.

Oleg Nikolaenko, a 23-year-old Moscow resident, was accused of violating US anti-spam and fraud laws in a sworn testimony by an FBI agent investigation the case, the Smoking Gun reports.

Webmail records from two Gmail accounts and financial transactions (via the ePassporte service) link Nikolaenko to the operation of the botnet, according to court paper submitted in a grand jury investigation.

The Mega-D zombie network was infamous as a prolific source of counterfeit prescription, herbal remedy and fake Rolex spam. A January 2009 takedown operation mounted by security firm FireEye hit Mega-D very hard, drastically affecting spam output, which has returned but never to the same noxious levels.

Nikolaenko is the first suspect to be named in the Mega-D botnet investigation case and not much is known about him aside from a short entry by Nikolaenko in Spamhaus's ROKSO database of the world's most prolific spammers, which can be found here.

The Russian constitution specifically prohibits extradition of its citizens. Nikolaenko previously visited the US voluntarily twice last year but he's unlikely to return once he gets wind that the feds are on his case.

Up until recently Russia was considered something of a safe haven for cybercrooks, who were left alone by the authorities providing only non-Russians were targeted and (it's rumoured) bribes to local politicians and corrupt police were paid. Some of these blackhats may have provided a conveniently deniable source for cyberattack against Georgia that accompanied armed hostilities between the two countries back in 2008.

More recently attitudes have changed as those at the top of Russia political leadership have begun to see cybercrooks as an obstacle to making the country less economically reliant on its natural energy reserves by expanding its IT sector. However, local attitudes remain inconsistent and it is difficult to predict whether or not Nikolaenko will be questioned over any offence – much less charged.

Security blogger and ex Washington Post reporter Brian Krebs noted earlier this week that the suspected operator of a large underground carding forum has expanded his business over the last four years, after been publicly outed as a significant cybercrime operator by the New York Times back in 2006. Sergey Kozerev, originally from St Petersburg, still runs a "bustling marketplace for purloined financial data", Krebs reports. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.