Last visit was: Sat Jul 05, 2014 4:59 am
It is currently Sat Jul 05, 2014 4:59 am

The Smoking Gun: FBI Targets Young Russian Spam Kingpin


All times are UTC - 5 hours [ DST ]


 [ 14 posts ] 
Author Message
 PostPosted: Wed Dec 01, 2010 3:38 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
http://www.thesmokinggun.com/documents/ ... am-kingpin

That would be one Oleg Nikolaenko, alleged to be the operator of the Mega-D botnet, and a senior member of the AffKing pharma and replica affiliate program. (Often referred to as SanCash as well.)

Quote:
NOVEMBER 30--An FBI investigation has identified the young Russian man behind the notorious “Mega-D” botnet, the malicious network of more than 500,000 infected computers that was capable of sending ten billion spam e-mails a day and, until late last year, reportedly accounted for nearly a third of the spam clogging the Internet, The Smoking Gun has learned.

An ongoing grand jury probe is targeting Oleg Nikolaenko, a 23-year-old Moscow resident, for allegedly violating the anti-spam law, as well as "abetting violations of the mail and wire fraud statutes," according to an affidavit sworn last month by an FBI agent (an excerpt from that document can be found here).
...
Quote:
Two of these online hustlers--Jody Smith and Lance Atkinson--have provided investigators with details of their dealings with Nikolaenko, who has used the online moniker "Docent."

That source document is also worth a read.

:silthumb:

SiL


Top
 Profile  
 PostPosted: Wed Dec 01, 2010 3:54 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Lots of followup on this one, all basing their headline on the "one third of all spam" statistic.

A third of world's spam comes from Russian man, says FBI
http://www.hindustantimes.com/A-third-o ... 33187.aspx

http://www.dailymail.co.uk/news/article ... mails.html

And another that ends on an odd conclusion between Nikolaenko and Igor Gusev:

http://rt.com/news/prime-time/fbi-hunts ... n-spammer/

SiL


Top
 Profile  
 PostPosted: Wed Dec 01, 2010 4:42 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
And Brian Krebs:

http://krebsonsecurity.com/2010/12/fbi- ... Forum+Link

SiL


Top
 Profile  
 PostPosted: Thu Dec 02, 2010 2:55 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Gar Warner has some decent followup. Nikolaenko has been arrested in Milwaukee, WI and is currently in custody.

http://garwarner.blogspot.com/2010/12/o ... er-to.html

That was fast. :)

SiL


Top
 Profile  
 PostPosted: Thu Dec 02, 2010 5:10 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
M86 has even more info:

http://labs.m86security.com/2010/12/meg ... -revealed/

Good to see Mega-D completely off of their tracking now. :)

SiL


Top
 Profile  
 PostPosted: Sat Dec 04, 2010 8:10 am   
Spam Investigator
User avatar

Joined: Wed Feb 04, 2009 3:23 pm
Posts: 342
23-year old Russian national Oleg Nikolaenko is alleged to have been responsible for one third of global spam. Read more here:

http://www.eweek.com/c/a/Security/FBI-A ... nd-773045/ and here, http://www.bbc.co.uk/news/world-us-canada-11917471

2010 has been some year. :D

Hans


Top
 Profile WWW  
 PostPosted: Sat Dec 04, 2010 10:01 am   
You are kiillllling-a my bizinisss!
User avatar

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
(I merged the topics)

SiL, is there a limit on length of posts to your blog? The 2010 year end summary could be a whopper.


Top
 Profile  
 PostPosted: Sat Dec 04, 2010 11:00 am   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
AlphaCentauri wrote:
SiL, is there a limit on length of posts to your blog? The 2010 year end summary could be a whopper.

There is not. The issue now is just finding the time to collate everything together. I may be compiling that year-end report right up until the 31st. Yikes.

I don't know why it's always October - December that we see this deluge of reports of shutdowns, arrests, indictment and convictions, but I'm not going to look a gift horse in the mouth.

SiL


Top
 Profile  
 PostPosted: Sun Dec 05, 2010 3:25 pm   
Spam Investigator
User avatar

Joined: Wed Feb 04, 2009 3:23 pm
Posts: 342
It's a very positive development to see major media outlets covering news events such as this one.

e.g. here: http://cnn.com/video/?/video/us/2010/12 ... rrest.wdjt

Hans


Top
 Profile WWW  
 PostPosted: Sun Dec 05, 2010 4:54 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Here is the picture of the 23 year old "Russian Spam Kingpin" Oleg Nikolaenko who wrote the Mega-D bot


      Oleg Nikolaenko

Wikipedia has Олег Егорович Николаенко = Oleg Zhukovsky Nikolaenko
FBI has him listed as Oleg Yegorovich Nikolaenko in the Mov 3 2010 Complaint


Top
 Profile WWW  
 PostPosted: Thu Jan 06, 2011 7:48 pm   
Spam Observer
User avatar

Joined: Thu Oct 14, 2010 4:05 pm
Posts: 80
He is cute, he will be popular in prison... :lol:
Hopefully he will be spammed with a virus in prison :twisted:


Top
 Profile  
 PostPosted: Fri Jan 07, 2011 3:20 pm   
Spammer Exterminator
User avatar

Joined: Mon Feb 26, 2007 11:13 pm
Posts: 1132
Regarding the AffKing/Sancash brands: In the last two days I've seen a precipitous rise in volume, concurrent with a vaporization of many sites which had been hosting Spamit brands. It does appear to be equivalence, a cause-&-effect relationship of some kind, since I had spotted none of either group of spam-brands, at all, just a week prior.

The Affking sites which have just arisen take the form of:
Code:
110.12.21.68 (skbroadband.com/HANARO)
apparatusglass.com
bagcopper.com
bladechange.com
boatblade.com
branchkind.com
bridgefirst.com
bucketjoin.com
controljourney.com
dailyant.com
enginefoot.com
equalcertain.com
feeblefoot.com
femaleelectric.com
fertileelastic.com
fixedold.com
flybasket.com
generalfeeling.com
glovecopper.com
grassfertile.com
joinscreen.com
keepjump.com
kettleblade.com
oilfloor.com

Other domains which have recently been using that IP for name-service include:
Code:
220.196.42.138 (CNC)
acidcave.ru
acidtiger.ru
actcow.ru
actcrib.ru
adultfan.ru
adultsoap.ru
aircake.ru
airjeans.ru
alemum.ru
anchorcan.ru
anglefork.ru
antdream.ru
anttower.ru
arealion.ru
armadult.ru
axeclan.ru
axeroom.ru
axetab.ru
babegin.ru
babyblock.ru
babydock.ru
bagmob.ru
bagviper.ru
baleside.ru
ballpain.ru
bandhat.ru
bankriddle.ru
bankstamp.ru
barnwife.ru
bathelf.ru
bathmouse.ru
batrice.ru
beachdock.ru
bearpose.ru
beastboat.ru
beastsalt.ru
bedocean.ru
beerpup.ru
beltnose.ru
benchweek.ru
binletter.ru
binpoets.ru
birthyack.ru
bitkite.ru
bitsbarn.ru
bittap.ru
blametub.ru
blockboy.ru
blockpeg.ru
bloodspa.ru
bodypig.ru
bogeye.ru
bogjoke.ru
bogside.ru
bossbelt.ru
boxmic.ru
boxson.ru
boyshome.ru
brainpaper.ru
brainsolo.ru
brushcat.ru
bulbelf.ru
bulljazz.ru
buspain.ru
cafearms.ru
cakestack.ru
cakewire.ru
casepit.ru
catpose.ru
chartman.ru
checksauce.ru
chordlady.ru
clanchip.ru
clanmold.ru
clockamp.ru
cobraink.ru
codebaby.ru
corngun.ru
cribdrug.ru
deskbabe.ru
doorshelf.ru
dotrip.ru
elephantcode.ru
emailpark.ru
enginelove.ru
flagford.ru
futurehead.ru
generalsoda.ru
girlsroad.ru
gumadult.ru
hogpan.ru
indianback.ru
inkrule.ru
lidlab.ru
lifedrug.ru
lineshed.ru
maidensolo.ru
matcharea.ru
minutepod.ru
mixrack.ru
modelplane.ru
networkjack.ru
offerdress.ru
pagemarket.ru
pridefork.ru
rightdrove.com
rightheaven.com
roomlane.ru
rowrose.ru
rushtax.ru
saltwitch.ru
soapwife.ru
sonbulb.ru
spotbirth.ru
teflondoll.ru
tiepub.ru
tvsocks.ru
videodingo.ru
wifesun.ru
witchmap.ru
witchresult.ru

and

againoffice.com
Address : 220.196.42.138
in addition to   109.74.9.18

bagscreen.com
Address : 220.196.42.138
in addition to   109.74.9.18

burnmedia.ru
Address : 210.83.81.148
in addition to   218.10.16.55

dirtblues.com
Address : 8.5.1.43

fastwebbox.ru
Address : 218.10.16.55
in addition to   218.75.144.4

kettlegrass.com
Address : 220.196.42.138
in addition to   109.74.9.18

perfect-weightloss.com
Address : 207.182.138.202

rackmouse.ru
Address : 210.83.81.148
in addition to   218.10.16.55


If anybody can draw a line from Nikolaenko (or really, from anyone) to the rogue states providing hosting and cover, or if anyone can use any of these details to support that connection, wouldn't that be a beautiful thing?

_________________
Only on our site you will find a SPICE under the comprehensible prices!


Top
 Profile  
 PostPosted: Sun Oct 23, 2011 8:49 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Ref: http://en.infosud.ru/judicial_news/2011 ... 58404.html

U.S. court to try Russian 'spam king' on December 9
Dated: 17/1Oct/2011

MOSCOW, October 17 - RAPSI. The U.S. District Court for the Eastern District of Wisconsin will hear on December 9 the case of Russian citizen Oleg Nikolayenko, who has been charged with organizing a massive botnet, according to the court.

Nikolayenko was arrested at a car show in Las Vegas last November. The Federal Security Service said he is a mastermind of the Mega-D botnet. According to the court, Nikolayenko forged information in e-mails and sent them to recipients from January 2007 until November 2010.


Top
 Profile WWW  
 PostPosted: Tue Oct 25, 2011 10:46 am   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Ohhhh that could also be very good news.

Good find, Red.

SiL


Top
 Profile  
 [ 14 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Wayback machine, Yahoo [Bot] and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008