Mastermind of Mega-D botnet sent 10 billion spam e-mails a day

Oleg Nikolaenko was arraigned Friday after being indicted as the ringleader of a network accountable for 32 percent of the world's spam. Image: CC freezelight/Flickr

Oleg Nikolaenko was arrested last month in Las Vegas as the suspected ringleader of the massive Mega-D botnet. Nikolaenko was arraigned Friday in Milwaukee and charged with crimes associated with generating a third of the spam circulating globally. The 23-year-old Russian is pleading not guilty.

Mega-D botnet: 32 percent of the world’s spam

At its peak, the Mega-D botnet sent out 10 billion spam e-mails every day — 32 percent of the world’s spam, according to the FBI. Using the Mega-D spambot, Oleg Nikolaenko is suspected of controlling more than 500,000 infected computers. The Mega-D botnet specialized in hawking fake Rolex watches, bogus herbal male enhancement products and counterfeit prescription drugs, especially Viagra. After a three-year investigation, the FBI caught up with Nikolaenko Nov. 4 in Las Vegas, where he was visiting from Russia to attend an auto show. The accused Mega-D botnet mastermind faces a prison sentence of up to three years and a $250,000 fine.

Tracking Oleg Nikolaenko

Oleg Nikolaenko got rich with the Mega-D spambot. FBI affidavits and court documents show he made nearly a half million dollars during a six-month period in 2007. In 2009 Nikolaenko narrowly escaped arrest when an online security firm attacked the command and control system for the Mega-D botnet. But Nikolaenko slipped away to Russia, fixed the malware and soon the spam flowed freely once again. In addition to the FBI, the operation that eventually cornered the Mega-D botnet mogul involved the Federal Trade Commission, several private security companies and investigators from Australia and New Zealand.

Google gives up Mega-D spammer

Nikolaenko’s luck ran out when a counterfeit Rolex dealer who used the Mega-D botnet was arrested. The counterfeiter gave authorities information that sent them on a trail that eventually led to a money transfer site with Nikolaenko’s Gmail address. Google was legally bound to submit account information that detailed Nikolaenko’s spamming. His lawyer says he is preparing a “rigorous defense.”