Mega-D, also known as Ozdok, is a botnet that at its peak was responsible for sending 32% of the world's spam.
On October 14, 2008, the U.S. Federal Trade Commission, in cooperation with Marshal Software, tracked down the owners of the botnet and froze their assets.
On November 6, 2009, security company FireEye, Inc. took down the Mega-D botnet by disabling its command-and-control infrastructure, much as the Srizbi botnet had been taken down in late 2008. The Mega-D/Ozdok takedown involved coordination among dozens of Internet service providers, domain name registrars, and non-profit organizations such as Shadowserver.
M86 Security researchers reported that the takedown had an immediate effect on spam from the botnet. By November 9, 2009, the spam had stopped altogether, apart from a very small trickle over the weekend directed at a couple of small UK-based domains that they monitored.
The botnet subsequently bounced back, exceeding pre-takedown levels by November 22 and accounting for 17% of worldwide spam by December 13.
In July 2010, researchers from the University of California, Berkeley published a model of Mega-D's protocol state machine, revealing the internals of the proprietary command-and-control protocol for the first time (C. Y. Cho, D. Babic, R. Shin, and D. Song, "Inference and Analysis of Formal Models of Botnet Command and Control Protocols", 2010 ACM Conference on Computer and Communications Security). The model was obtained through an automatic reverse-engineering technique developed by the Berkeley researchers. Among other contributions, the paper reveals a flaw in the Mega-D protocol that allows template milking, i.e., unauthorized downloading of spam templates. Such a flaw could be used to acquire spam templates and train spam filters before the corresponding spam reaches the network.
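The Berkeley work first inferred a state machine for the bot's protocol and then reasoned about the resulting model. The following Python is an added illustration of that two-step idea, not the paper's code and not Mega-D's real protocol: it builds a protocol state machine from constructed session traces of a hypothetical command-and-control protocol, minimizes it, and then searches the model for a message sequence that obtains a template reply without an authentication message ever having been sent. The message names (HELLO, AUTH, GET_TEMPLATE, REPORT), the replies, and the traces are assumptions made for this example; the passive, trace-based inference shown here is a simplification and is not the paper's inference algorithm, and the actual Mega-D messages and the exact nature of its flaw are documented in the cited paper, not here.

```python
"""Infer a C&C protocol state machine from session traces and query the model.

Added example. The message names and traces below are constructed for a
HYPOTHETICAL protocol; they are not Mega-D's real messages or the paper's code.
"""
from collections import deque

# Constructed traces: one per observed session, as (client message, server reply) pairs.
TRACES = [
    [("HELLO", "ACK"), ("AUTH", "OK"), ("GET_TEMPLATE", "TEMPLATE"), ("REPORT", "ACK")],
    [("HELLO", "ACK"), ("AUTH", "OK"), ("REPORT", "ACK"), ("GET_TEMPLATE", "TEMPLATE")],
    [("HELLO", "ACK"), ("GET_TEMPLATE", "TEMPLATE")],  # template served without AUTH
    [("GET_TEMPLATE", "ERR")],                           # rejected before HELLO
]


def build_prefix_tree(traces):
    """Return (trans, start): trans[state][msg] == (reply, next_state).

    A state is the tuple of (msg, reply) pairs that led to it, so the result is a
    prefix tree. A reply that differs from an earlier observation for the same
    prefix and message means the protocol is not deterministic in this abstraction.
    """
    trans = {(): {}}
    for trace in traces:
        state = ()
        for msg, reply in trace:
            nxt = state + ((msg, reply),)
            seen = trans[state].get(msg)
            if seen is not None and seen[0] != reply:
                raise ValueError(f"conflicting replies to {msg} after {state}")
            trans[state][msg] = (reply, nxt)
            trans.setdefault(nxt, {})
            state = nxt
    return trans, ()


def minimize(trans, start):
    """Merge states with identical future behaviour.

    The prefix tree is acyclic, so a state's signature (its outgoing edges plus the
    signatures of their targets) is well defined by recursion. States with equal
    signatures are indistinguishable and collapse into one integer-labelled state.
    """
    cache = {}

    def signature(state):
        if state not in cache:
            cache[state] = tuple(sorted(
                (msg, reply, signature(nxt)) for msg, (reply, nxt) in trans[state].items()))
        return cache[state]

    ids = {}
    for state in trans:
        ids.setdefault(signature(state), len(ids))
    merged = {}
    for state, edges in trans.items():
        sid = ids[signature(state)]
        merged.setdefault(sid, {})
        for msg, (reply, nxt) in edges.items():
            merged[sid][msg] = (reply, ids[signature(nxt)])
    return merged, ids[signature(start)]


def find_path(machine, start, target_msg, target_reply, forbidden_msg):
    """Breadth-first search for the shortest message sequence on which target_msg
    receives target_reply while forbidden_msg is never sent. Returns None if the
    model contains no such sequence."""
    queue = deque([(start, [])])
    visited = {start}
    while queue:
        state, path = queue.popleft()
        for msg, (reply, nxt) in machine[state].items():
            if msg == forbidden_msg:
                continue
            if msg == target_msg and reply == target_reply:
                return path + [msg]
            if nxt not in visited:
                visited.add(nxt)
                queue.append((nxt, path + [msg]))
    return None


def template_milking_path(traces):
    """Does the inferred model let a client obtain a TEMPLATE reply without AUTH?"""
    machine, start = minimize(*build_prefix_tree(traces))
    return find_path(machine, start, "GET_TEMPLATE", "TEMPLATE", "AUTH")


if __name__ == "__main__":
    machine, start = minimize(*build_prefix_tree(TRACES))
    print(f"{len(machine)} states after minimisation")
    print("unauthenticated template path:", template_milking_path(TRACES))
```

With the constructed traces the search returns the sequence HELLO, GET_TEMPLATE, because the third trace shows the hypothetical server handing out a template to a client that never authenticated; dropping that trace makes the search return None. The value of working on the minimized model rather than on raw traces is that the same query covers every interleaving the observed sessions imply, not only the exact sessions that were recorded.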
Arrest
In November 2010, Oleg Nikolaenko was arrested in Las Vegas, Nevada by the Federal Bureau of Investigation and charged with violations of the CAN-SPAM Act of 2003.
Nikolaenko eventually pleaded guilty to operating the Mega-D botnet to create a "zombie network" of as many as 500,000 infected computers.
See also
* Storm botnet
* MPack malware kit
* E-mail spam
* Internet crime
* Internet security
* Operation: Bot Roast
* McColo
* Srizbi botnet