Mega-D
   HOME

TheInfoList



Click Here for Items Related To - Mega-D
OR:
Mega-D on:   [Wikipedia]   [Google]   [Amazon]

The Mega-D, also known by its alias of Ozdok, is a
botnet A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its conn ...
that at its peak was responsible for sending 32% of
spam Spam may refer to: * Spam (food), a canned pork meat product * Spamming, unsolicited or undesired electronic messages ** Email spam, unsolicited, undesired, or illegal email messages ** Messaging spam, spam targeting users of instant messaging ( ...
worldwide. On October 14, 2008, the U.S Federal Trade Commission, in cooperation with Marshal Software, tracked down the owners of the botnet and froze their assets. On November 6, 2009, security company
FireEye, Inc. Trellix (formerly FireEye and McAfee Enterprise) is a privately held cybersecurity company founded in 2022. It has been involved in the detection and prevention of major cyber attacks. It provides hardware, software, and services to investigat ...
disabled the Mega-D botnet by disabling its command and control structure. This was akin to the
Srizbi botnet Srizbi BotNet is considered one of the world's largest botnets, and responsible for sending out more than half of all the spam being sent by all the major botnets combined. The botnets consist of computers infected by the Srizbi trojan, which sen ...
takedown in late 2008. The Mega-D/Ozdok takedown involved coordination of dozens of
Internet service provider An Internet service provider (ISP) is an organization that provides services for accessing, using, or participating in the Internet. ISPs can be organized in various forms, such as commercial, community-owned, non-profit, or otherwise private ...
s,
domain name registrar A domain name registrar is a company that manages the reservation of Internet domain names. A domain name registrar must be accredited by a generic top-level domain (gTLD) registry or a country code top-level domain (ccTLD) registry. A registrar ...
s, and non-profit organizations like
Shadowserver Shadowserver Foundation is a nonprofit security organization that gathers and analyzes data on malicious Internet activity (including malware, botnets, and computer fraud), sends daily network reports to subscribers, and works with law enforcemen ...
.
M86 Security M86 Security was a privately owned Internet threat protection company that specialized in Web and email security products and content filtering appliances. The company's international headquarters were located in Basingstoke, with development cente ...
researchers estimated the take down had an immediate effect on the spam from the botnet. On November 9, 2009, the spam had stopped altogether, although there was a very small trickle over the weekend, directed to a couple of small UK-based domains that they monitored. Since then the botnet bounced back, exceeding pre-takedown levels by Nov. 22, and constituting 17% of worldwide spam by Dec. 13. In July 2010, researchers from
University of California, Berkeley The University of California, Berkeley (UC Berkeley, Berkeley, Cal, or California) is a public land-grant research university in Berkeley, California. Established in 1868 as the University of California, it is the state's first land-grant u ...
published a model of Mega-D's protocol
state-machine A finite-state machine (FSM) or finite-state automaton (FSA, plural: ''automata''), finite automaton, or simply a state machine, is a mathematical model of computation. It is an abstract machine that can be in exactly one of a finite number o ...
, revealing the internals of the proprietary protocol for the first time.C.Y. Cho, D. Babic, R. Shin, and D. Song
Inference and Analysis of Formal Models of Botnet Command and Control Protocols
2010 ACM Conference on Computer and Communications Security. The protocol was obtained through automatic
Reverse Engineering Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompli ...
technique developed by the Berkeley researchers. Among other contributions, their research paper reveals a flaw in the Mega-D protocol allowing template milking, i.e., unauthorized spam template downloading. Such a flaw could be used to acquire spam templates and train
spam filters Email filtering is the processing of email to organize it according to specified criteria. The term can apply to the intervention of human intelligence, but most often refers to the automatic processing of messages at an SMTP server, possibly appl ...
before spam hits the network.


Arrest

In November 2010,
Oleg Nikolaenko Oleg Yegorovich Nikolaenko ( rus, Олег Егорович Николаенко; born July 17, 1987) is a Russian computer criminal who created the Mega-D botnet, violating the CAN-SPAM Act of 2003. Federal investigators believe his activities m ...
was arrested in
Las Vegas, Nevada Las Vegas (; Spanish for "The Meadows"), often known simply as Vegas, is the 25th-most populous city in the United States, the most populous city in the state of Nevada, and the county seat of Clark County. The city anchors the Las Vegas ...
by the
Federal Bureau of Investigation The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, ...
and charged with violations of the
CAN-SPAM Act of 2003 The Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act of 2003 is a law passed in 2003 establishing the United States' first national standards for the sending of commercial e-mail. The law requires the Federal Trad ...
. Nikolaenko eventually pleaded guilty of operating the Mega-D botnet to create a "zombie network" of as many as 500,000 infected computers.


See also

*
Storm botnet The Storm botnet or Storm worm botnet (also known as Dorf botnet and Ecard malware) was a remotely controlled network of "zombie" computers (or "botnet") that had been linked by the Storm Worm, a Trojan horse spread through e-mail spam. At ...
* MPack malware kit *
E-mail spam Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoida ...
*
Internet crime A cybercrime is a crime that involves a computer or a computer network.Moore, R. (2005) "Cyber crime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing. The computer may have been used in committing the ...
*
Internet security Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules a ...
* Operation: Bot Roast *
McColo McColo was a US-based web hosting service provider that was, for a long time, the source of the majority of spam-sending activities for the entire world. In late 2008, the company was shut down by two upstream providers, Global Crossing and Hur ...
*
Srizbi botnet Srizbi BotNet is considered one of the world's largest botnets, and responsible for sending out more than half of all the spam being sent by all the major botnets combined. The botnets consist of computers infected by the Srizbi trojan, which sen ...


References

{{botnets Internet security Multi-agent systems Distributed computing projects Spamming Botnets