Entry: Mega-D botnet
Definition

  1. Arrest

  2. See also

  3. References

The Mega-D, also known by its alias of Ozdok, is a botnet that at its peak was responsible for sending 32% of spam worldwide.[1][2][3]

On October 14, 2008, the U.S. Federal Trade Commission, in cooperation with Marshal Software, tracked down the owners of the botnet and froze their assets.[4]

On November 6, 2009, security company FireEye, Inc. disabled the Mega-D botnet by disabling its command and control structure.[5][6] This was akin to the Srizbi botnet takedown in late 2008. The Mega-D/Ozdok takedown involved coordination of dozens of Internet service providers, domain name registrars, and non-profit organizations like Shadowserver. M86 Security researchers estimated the takedown had an immediate effect on the spam from the botnet. On November 9, 2009, the spam had stopped altogether, although there was a very small trickle over the weekend, directed to a couple of small UK-based domains that they monitored.[7]

Since then the botnet bounced back, exceeding pre-takedown levels by Nov. 22, and constituting 17% of worldwide spam by Dec. 13.[8]

In July 2010, researchers from the University of California, Berkeley published a model of Mega-D's protocol state machine, revealing the internals of the proprietary protocol for the first time.[9] The protocol was obtained through an automatic reverse-engineering technique developed by the Berkeley researchers. Among other contributions, their research paper reveals a flaw in the Mega-D protocol allowing template milking, i.e., unauthorized spam template downloading. Such a flaw could be used to acquire spam templates and train spam filters before spam hits the network.

Arrest

Main article: Oleg Nikolaenko

In November 2010, Oleg Nikolaenko was arrested in Las Vegas, Nevada by the Federal Bureau of Investigation and charged with violations of the CAN-SPAM Act of 2003.[10] Nikolaenko is suspected of operating the Mega-D botnet to create a "zombie network" of as many as 500,000 infected computers.[11]

See also

  • Storm botnet
  • MPack malware kit
  • E-mail spam
  • Internet crime
  • Internet security
  • Bot Roast
  • McColo
  • Srizbi botnet

References

1. "Storm worm dethroned by sex botnet". Networkworld.com. Archived from the original (http://www.networkworld.com/news/2008/020408-storm-worm-dethroned-by-sex.html) on 2012-04-02: https://web.archive.org/web/20120402164500/http://www.networkworld.com/news/2008/020408-storm-worm-dethroned-by-sex.html. Retrieved 2010-07-31.
2. "New Mega-D botnet supersedes Storm". SPAMfighter. 2008-02-01. http://www.spamfighter.com/News-9799-New-Mega-D-botnet-supersedes-Storm.htm. Retrieved 2010-07-31.
3. "New Mega-D menace muscles Storm Worm aside". ars technica. February 2008. https://arstechnica.com/business/news/2008/02/new-mega-d-menace-muscles-storm-worm-aside.ars. Retrieved 2011-12-06.
4. Stone, Brad (October 14, 2008). "Authorities Shut Down Spam Ring". The New York Times. https://www.nytimes.com/2008/10/15/technology/internet/15spam.html.
5. Smashing the Mega-d/Ozdok botnet in 24 hours
6. Cheng, Jacqui (November 11, 2009). "Researchers' well-aimed stone takes down Goliath botnet". Ars Technica. https://arstechnica.com/security/news/2009/11/researchers-well-aimed-stone-take-down-goliath-botnet.ars. Retrieved 2009-11-30.
7. "Mega-D botnet takes a hit". M86 Security. November 9, 2009. http://www.m86security.com/labs/traceitem.asp?article=1161. Retrieved 2009-11-30.
8. "Spam Statistics from the Security Labs team at M86 Security". M86 Security. http://www.m86security.com/labs/spam_statistics.asp. Retrieved 2010-06-07.
9. C.Y. Cho, D. Babic, R. Shin, and D. Song. Inference and Analysis of Formal Models of Botnet Command and Control Protocols, 2010 ACM Conference on Computer and Communications Security.
10. Vielmetti, Bruce (December 3, 2010). "Milwaukee FBI agent trips up Russian 'king of spam'". Milwaukee Journal Sentinel. http://www.jsonline.com/news/crime/111169714.html. Retrieved December 3, 2010.
11. Leyden, John (December 1, 2010). "Feds pursue Russian, 23, behind ⅓ of ALL WORLD SPAM". The Register. https://www.theregister.co.uk/2010/12/01/mega_d_botnet_suspect_named/. Retrieved December 3, 2010.

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 Last updated: 2024/9/22 3:28:15