FBI arrests man for Mega-D botnet

ACMA investigation contributes to man's arrest.

US authorities have arrested a 23-year-old Russian man believed to be responsible for one-third of the world's spam in 2008.

Oleg Nikolaenko was arrested in November for operating the 'Mega-D' botnet, so named for its distinctive 'Megadik' spam campaigns.

Nikolaenko was accused of violating the CAN-SPAM Act and playing a role in the AffKing spam operation, for which Queensland-based Lance Thomas Atkinson was penalised last year.

He reportedly pled not guilty at a US Federal Court hearing in Milwaukee, Wisconsin on Friday.

According to FBI special agent Brett E Banner's affidavit, obtained by security blog Krebs on Security (pdf), Nikolaenko was identified following Atkinson's testimony to the Australian Communications and Media Authority in December 2008.

After analysing Atkinson's chat logs and finances, US authorities discovered a Visa ePassporte account to which he had paid US$464,967.12 between June and December 2007.

The account was traced to Nikolaenko and two Google webmail accounts that were also in registered in his name.

Special agent Banner referred to reports by security vendors SecureWorks and M86 Security in his affidavit.

M86 said it had been monitoring the Mega-D botnet since early 2008. Its senior threat analyst Phil Hay said Mega-D activity had declined in recent months, and no longer accounted for any spam.

"Mega-D has been declining for some months, and spam activity had now dried up," Hay told iTnews today.

"Like other botnets, its fortunes have waxed and waned over time.  Earlier this year it was as high as 20 percent, after the [November 2009] FireEye takedown attempt."