FBI Believes 23-Year-Old Russian is Behind the Mega-D Botnet

The FBI believes that a 23-year-old Russian citizen named Oleg Nikolaenko is the cybercriminal operating Mega-D, the botnet that was once responsible for a third of the world’s spam traffic.

According to an affidavit obtained by The Smoking Gun, the Russian man who currently resides in Moscow, is the target of an ongoing grand jury probe.

The FBI discovered Nikolaenko’s identity and supposed ties to the Mega-D botnet while investigating the major Herbal King spam network.

In October 2009, the Federal Trade Commission obtained a court order to shut down the operation and seize the assets of several US-based companies believed to be a front for one of the world’s largest spam operations.

Dubbed the Herbal King, the operation was ran by a New Zealand man named Lance Thomas Atkinson and a US citizen named Jody Smith. It involved advertising and selling counterfeit herbal products through spam.

According to evidence obtained by the FBI, Nikolaenko was one of the Herbal King network's biggest affiliates and sent spam on its behalf through a large botnet dubbed Mega-D by security researchers.

Authorities tied him to an ePassporte account showing payments received from Atkinson between June and December 2007, which totaled almost $460,000.

Until November 2009, when a security vendor called FireEye managed to severely cripple it, the Mega-D botnet was directly responsible for a third of the daily spam output on the Internet.

The botnet is still in existence today, but since the takedown it has never reached its former size again, when it counted over 500,000 infected computers.

The suspected Mega-D botrunner visited the United States on two ocassions while the FBI was investigating the case. Once in July 2009, when he stayed for ten days in Los Angeles, and another time in October 2009, when he spent 11 days and visited Las Vegas.

Since the extradition of citizens is prohibited by the Russian constitution, the only way US authorities can get their hands on Nikolaenko now is if he somehow returns to US.