Man Charged Over 10-Billion-Spams-Per-Day Botnet

Dennis Faas's picture

A Russian man has appeared in a US federal court accused of running a network of infected computers that had the capability of sending 10 billion unsolicited emails a day. Oleg Nikolaenko is said to be responsible for a third of the world's spam messages.

23-year old Nikolaenko has denied the charges, brought under the federal CAN-SPAM act. That doesn't make sending unsolicited email an offense in itself, but rather places specific restrictions upon the practice.

In this case, the claim is that the email messages contained false information, for example by disguising the identity of the sender so that the emails were less likely to be caught by spam filters.

From 35,000 to 500,000 Infected PCs

According to prosecutors, Nikolaenko was able to send the messages in bulk thanks to his control of a botnet known as Mega-D or Ozdok.

This was originally made up of at least 35,000 computers that had been remotely hijacked once infected with a virus, though prosecutors say that Nikolaenko was able to increase the number of infected PCs to 500,000. At its peak, the network was sending between 30 per cent and 35 per cent of all spam worldwide.

Officials and security experts attempted to combat the botnet in a variety of ways, first by freezing the assets of the suspected owners in 2008, then a year later taking down the "command and control" computers that sent out instructions to the hijacked machines. Mega-D was later resurrected, but earlier this year researchers at Berkeley spotted a flaw in the way the system works, making it much easier to filter out messages.

Knock-Off Rolexes Bring Empire Down

The spam messages were largely advertising male drugs and brand name watches, both of which appear to have been fakes. One man arrested over the bogus watches is thought to have been a source of information leading to Nikolaenko's arrest. (Source:

It's notable that Nikolaenko has not been charged either with operating the botnet or supplying counterfeit goods. That's likely because the spam charges should be easier to prove, but still carry a high penalty: Nikolaenko faces up to seven years in prison if convicted. (Source:

Rate this article: 
No votes yet