Mega-D botnet
The Mega-D, also known by its alias of Ozdok, is a botnet that at its peak was responsible for sending 32% of spam worldwide.[1][2][3]
On October 14, 2008, the U.S Federal Trade Commission, in cooperation with Marshal Software, tracked down the owners of the botnet and froze their assets.[4]
On November 6, 2009, security company FireEye, Inc. disabled the Mega-D botnet by disabling its command and control structure.[5][6] This was akin to the Srizbi botnet takedown in late 2008. The Mega-D/Ozdok takedown involved coordination of dozens of Internet service providers, domain name registrars, and non-profit organizations like Shadowserver. M86 Security researchers estimated the take down had an immediate effect on the spam from the botnet. On November 9, 2009, the spam had stopped altogether, although there was a very small trickle over the weekend, directed to a couple of small UK-based domains that they monitored.[7]
Since then the botnet bounced back, exceeding pre-takedown levels by Nov. 22, and constituting 17% of worldwide spam by Dec. 13.[8]
In July 2010, researchers from University of California, Berkeley published a model of Mega-D's protocol state-machine, revealing the internals of the proprietary protocol for the first time.[9] The protocol was obtained through automatic Reverse Engineering technique developed by the Berkeley researchers. Among other contributions, their research paper reveals a flaw in the Mega-D protocol allowing template milking, i.e., unauthorized spam template downloading. Such a flaw could be used to acquire spam templates and train spam filters before spam hits the network.
Arrest
<templatestyles src="Module:Hatnote/styles.css"></templatestyles>
In November 2010, Oleg Nikolaenko was arrested in Las Vegas, Nevada by the Federal Bureau of Investigation and charged with violations of the CAN-SPAM Act of 2003.[10] Nikolaenko is suspected of operating the Mega-D botnet to create a "zombie network" of as many as 500,000 infected computers.[11]
See also
- Storm botnet
- MPack malware kit
- E-mail spam
- Internet crime
- Internet security
- Operation: Bot Roast
- McColo
- Srizbi
References
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Smashing the Mega-d/Ozdok botnet in 24 hours
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ C.Y. Cho, D. Babic, R. Shin, and D. Song. Inference and Analysis of Formal Models of Botnet Command and Control Protocols, 2010 ACM Conference on Computer and Communications Security.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
