The Smoking Gun: FBI Targets Young Russian Spam Kingpin

A compendium of news related to spammers, spam arrests, spam legislation, forum spamming, cybercrime and related issues.

The Smoking Gun: FBI Targets Young Russian Spam Kingpin

Postby spamislame » Wed Dec 01, 2010 3:38 pm

http://www.thesmokinggun.com/documents/ ... am-kingpin

That would be one Oleg Nikolaenko, alleged to be the operator of the Mega-D botnet, and a senior member of the AffKing pharma and replica affiliate program. (Often referred to as SanCash as well.)

NOVEMBER 30--An FBI investigation has identified the young Russian man behind the notorious “Mega-D” botnet, the malicious network of more than 500,000 infected computers that was capable of sending ten billion spam e-mails a day and, until late last year, reportedly accounted for nearly a third of the spam clogging the Internet, The Smoking Gun has learned.

An ongoing grand jury probe is targeting Oleg Nikolaenko, a 23-year-old Moscow resident, for allegedly violating the anti-spam law, as well as "abetting violations of the mail and wire fraud statutes," according to an affidavit sworn last month by an FBI agent (an excerpt from that document can be found here).
...
Two of these online hustlers--Jody Smith and Lance Atkinson--have provided investigators with details of their dealings with Nikolaenko, who has used the online moniker "Docent."

That source document is also worth a read.

:silthumb:

SiL
User avatar
spamislame
Site Admin
 
Posts: 5057
Joined: Tue May 09, 2006 9:18 am

Re: The Smoking Gun: FBI Targets Young Russian Spam Kingpin

Postby spamislame » Wed Dec 01, 2010 3:54 pm

Lots of followup on this one, all basing their headline on the "one third of all spam" statistic.

A third of world's spam comes from Russian man, says FBI
http://www.hindustantimes.com/A-third-o ... 33187.aspx

http://www.dailymail.co.uk/news/article ... mails.html

And another that ends on an odd conclusion between Nikolaenko and Igor Gusev:

http://rt.com/news/prime-time/fbi-hunts ... n-spammer/

SiL
User avatar
spamislame
Site Admin
 
Posts: 5057
Joined: Tue May 09, 2006 9:18 am

Re: The Smoking Gun: FBI Targets Young Russian Spam Kingpin

Postby spamislame » Wed Dec 01, 2010 4:42 pm

User avatar
spamislame
Site Admin
 
Posts: 5057
Joined: Tue May 09, 2006 9:18 am

Re: The Smoking Gun: FBI Targets Young Russian Spam Kingpin

Postby spamislame » Thu Dec 02, 2010 2:55 pm

Gar Warner has some decent followup. Nikolaenko has been arrested in Milwaukee, WI and is currently in custody.

http://garwarner.blogspot.com/2010/12/o ... er-to.html

That was fast. :)

SiL
User avatar
spamislame
Site Admin
 
Posts: 5057
Joined: Tue May 09, 2006 9:18 am

Re: The Smoking Gun: FBI Targets Young Russian Spam Kingpin

Postby spamislame » Thu Dec 02, 2010 5:10 pm

M86 has even more info:

http://labs.m86security.com/2010/12/meg ... -revealed/

Good to see Mega-D completely off of their tracking now. :)

SiL
User avatar
spamislame
Site Admin
 
Posts: 5057
Joined: Tue May 09, 2006 9:18 am

Oleg Nikolaenko Mega-D Botnet Mastermind Arrested

Postby HansTheBlueFrog » Sat Dec 04, 2010 8:10 am

23-year old Russian national Oleg Nikolaenko is alleged to have been responsible for one third of global spam. Read more here:

http://www.eweek.com/c/a/Security/FBI-A ... nd-773045/ and here, http://www.bbc.co.uk/news/world-us-canada-11917471

2010 has been some year. :D

Hans
HansTheBlueFrog
Spam Investigator
 
Posts: 343
Joined: Wed Feb 04, 2009 3:23 pm

Re: The Smoking Gun: FBI Targets Young Russian Spam Kingpin

Postby AlphaCentauri » Sat Dec 04, 2010 10:01 am

(I merged the topics)

SiL, is there a limit on length of posts to your blog? The 2010 year end summary could be a whopper.
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: The Smoking Gun: FBI Targets Young Russian Spam Kingpin

Postby spamislame » Sat Dec 04, 2010 11:00 am

AlphaCentauri wrote:SiL, is there a limit on length of posts to your blog? The 2010 year end summary could be a whopper.

There is not. The issue now is just finding the time to collate everything together. I may be compiling that year-end report right up until the 31st. Yikes.

I don't know why it's always October - December that we see this deluge of reports of shutdowns, arrests, indictment and convictions, but I'm not going to look a gift horse in the mouth.

SiL
User avatar
spamislame
Site Admin
 
Posts: 5057
Joined: Tue May 09, 2006 9:18 am

Re: The Smoking Gun: FBI Targets Young Russian Spam Kingpin

Postby HansTheBlueFrog » Sun Dec 05, 2010 3:25 pm

It's a very positive development to see major media outlets covering news events such as this one.

e.g. here: http://cnn.com/video/?/video/us/2010/12 ... rrest.wdjt

Hans
HansTheBlueFrog
Spam Investigator
 
Posts: 343
Joined: Wed Feb 04, 2009 3:23 pm

Photograph of Oleg Nikolaenko

Postby Red Dwarf » Sun Dec 05, 2010 4:54 pm

Here is the picture of the 23 year old "Russian Spam Kingpin" Oleg Nikolaenko who wrote the Mega-D bot

    Image

      Oleg Nikolaenko

Wikipedia has Олег Егорович Николаенко = Oleg Zhukovsky Nikolaenko
FBI has him listed as Oleg Yegorovich Nikolaenko in the Mov 3 2010 Complaint
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10519
Joined: Tue Jun 27, 2006 2:01 am

Re: The Smoking Gun: FBI Targets Young Russian Spam Kingpin

Postby Devilwolf » Thu Jan 06, 2011 7:48 pm

He is cute, he will be popular in prison... :lol:
Hopefully he will be spammed with a virus in prison :twisted:
Devilwolf
Spam Observer
 
Posts: 79
Joined: Thu Oct 14, 2010 4:05 pm

Re: The Smoking Gun: FBI Targets Young Russian Spam Kingpin

Postby MyCanadian Spammerdeath » Fri Jan 07, 2011 3:20 pm

Regarding the AffKing/Sancash brands: In the last two days I've seen a precipitous rise in volume, concurrent with a vaporization of many sites which had been hosting Spamit brands. It does appear to be equivalence, a cause-&-effect relationship of some kind, since I had spotted none of either group of spam-brands, at all, just a week prior.

The Affking sites which have just arisen take the form of:
Code: Select all
110.12.21.68 (skbroadband.com/HANARO)
apparatusglass.com
bagcopper.com
bladechange.com
boatblade.com
branchkind.com
bridgefirst.com
bucketjoin.com
controljourney.com
dailyant.com
enginefoot.com
equalcertain.com
feeblefoot.com
femaleelectric.com
fertileelastic.com
fixedold.com
flybasket.com
generalfeeling.com
glovecopper.com
grassfertile.com
joinscreen.com
keepjump.com
kettleblade.com
oilfloor.com

Other domains which have recently been using that IP for name-service include:
Code: Select all
220.196.42.138 (CNC)
acidcave.ru
acidtiger.ru
actcow.ru
actcrib.ru
adultfan.ru
adultsoap.ru
aircake.ru
airjeans.ru
alemum.ru
anchorcan.ru
anglefork.ru
antdream.ru
anttower.ru
arealion.ru
armadult.ru
axeclan.ru
axeroom.ru
axetab.ru
babegin.ru
babyblock.ru
babydock.ru
bagmob.ru
bagviper.ru
baleside.ru
ballpain.ru
bandhat.ru
bankriddle.ru
bankstamp.ru
barnwife.ru
bathelf.ru
bathmouse.ru
batrice.ru
beachdock.ru
bearpose.ru
beastboat.ru
beastsalt.ru
bedocean.ru
beerpup.ru
beltnose.ru
benchweek.ru
binletter.ru
binpoets.ru
birthyack.ru
bitkite.ru
bitsbarn.ru
bittap.ru
blametub.ru
blockboy.ru
blockpeg.ru
bloodspa.ru
bodypig.ru
bogeye.ru
bogjoke.ru
bogside.ru
bossbelt.ru
boxmic.ru
boxson.ru
boyshome.ru
brainpaper.ru
brainsolo.ru
brushcat.ru
bulbelf.ru
bulljazz.ru
buspain.ru
cafearms.ru
cakestack.ru
cakewire.ru
casepit.ru
catpose.ru
chartman.ru
checksauce.ru
chordlady.ru
clanchip.ru
clanmold.ru
clockamp.ru
cobraink.ru
codebaby.ru
corngun.ru
cribdrug.ru
deskbabe.ru
doorshelf.ru
dotrip.ru
elephantcode.ru
emailpark.ru
enginelove.ru
flagford.ru
futurehead.ru
generalsoda.ru
girlsroad.ru
gumadult.ru
hogpan.ru
indianback.ru
inkrule.ru
lidlab.ru
lifedrug.ru
lineshed.ru
maidensolo.ru
matcharea.ru
minutepod.ru
mixrack.ru
modelplane.ru
networkjack.ru
offerdress.ru
pagemarket.ru
pridefork.ru
rightdrove.com
rightheaven.com
roomlane.ru
rowrose.ru
rushtax.ru
saltwitch.ru
soapwife.ru
sonbulb.ru
spotbirth.ru
teflondoll.ru
tiepub.ru
tvsocks.ru
videodingo.ru
wifesun.ru
witchmap.ru
witchresult.ru

and

againoffice.com
Address : 220.196.42.138
in addition to   109.74.9.18

bagscreen.com
Address : 220.196.42.138
in addition to   109.74.9.18

burnmedia.ru
Address : 210.83.81.148
in addition to   218.10.16.55

dirtblues.com
Address : 8.5.1.43

fastwebbox.ru
Address : 218.10.16.55
in addition to   218.75.144.4

kettlegrass.com
Address : 220.196.42.138
in addition to   109.74.9.18

perfect-weightloss.com
Address : 207.182.138.202

rackmouse.ru
Address : 210.83.81.148
in addition to   218.10.16.55


If anybody can draw a line from Nikolaenko (or really, from anyone) to the rogue states providing hosting and cover, or if anyone can use any of these details to support that connection, wouldn't that be a beautiful thing?
Only on our site you will find a SPICE under the comprehensible prices!
MyCanadian Spammerdeath
Spammer Exterminator
 
Posts: 1145
Joined: Mon Feb 26, 2007 11:13 pm

Re: The Smoking Gun: FBI Targets Young Russian Spam Kingpin

Postby Red Dwarf » Sun Oct 23, 2011 8:49 pm

Ref: http://en.infosud.ru/judicial_news/2011 ... 58404.html

U.S. court to try Russian 'spam king' on December 9
Dated: 17/1Oct/2011

MOSCOW, October 17 - RAPSI. The U.S. District Court for the Eastern District of Wisconsin will hear on December 9 the case of Russian citizen Oleg Nikolayenko, who has been charged with organizing a massive botnet, according to the court.

Nikolayenko was arrested at a car show in Las Vegas last November. The Federal Security Service said he is a mastermind of the Mega-D botnet. According to the court, Nikolayenko forged information in e-mails and sent them to recipients from January 2007 until November 2010.
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10519
Joined: Tue Jun 27, 2006 2:01 am

Re: The Smoking Gun: FBI Targets Young Russian Spam Kingpin

Postby spamislame » Tue Oct 25, 2011 10:46 am

Ohhhh that could also be very good news.

Good find, Red.

SiL
User avatar
spamislame
Site Admin
 
Posts: 5057
Joined: Tue May 09, 2006 9:18 am


Return to Spam In The News

Who is online

Users browsing this forum: Baidu [Spider] and 1 guest

cron