December 01, 2010, 2:03 PM — An Internet ring hawking counterfeit male-enhancement remedies, phony Rolexes and generic pills with false FDA approval has led the FBI to a Russian believed to be behind the Mega-D botnet that earlier this year accounted for one in 10 spam messages sent on the Internet.
Also read: The top 10 'most wanted' spam-spewing botnets
Members of the Affking ring told investigators they hired a Russian spammer to distribute e-mail advertisement for their suspect wares, and backtracking through chat logs and e-commerce records yielded the name of Oleg Nikolaenko, 23, of Moscow, who is now believed to be the subject of a grand jury investigation, according to the Web site The Smoking Gun.
Court papers posted by The Smoking Gun say an Affking member paid Nikolaenko $459,098.47 between June 4 and Dec. 5 2007, indicating the scale of profits to be made from the botnet. It is unclear from the papers whether Nikolaenko is believed to run Mega-D or whether he just leases bots from the actual Mega-D controllers in order to send spam through them.
Using subpoenaed records from ePassport and Google, the FBI discovered Nikolaenko's name behind accounts to which Affking made payments and held communications, the court documents say.
Affking members Jody Smith of Missouri and Lance Atkinson of Australia told investigators how they contacted spammers to spread the word about the products they wanted to sell. Investigators then sifted through records about how payments were made to come up with Nikolaenko's name. Affking used ePassport's online electronic currency exchange to receive and disperse cash, the court papers say - more than $1.7 million between October 2006 and December 2007.
Security researchers working with the FBI and Federal Trade Commission investigators identified some of the zombie machines used in 2008 to spread the spam as being part of the Mega-D botnet.
A year ago, security firm FireEye took down the botnet, but it rebounded.
Read more about wide area network in Network World's Wide Area Network section.
