It all comes down to this guy Oleg Nikolaenko. You may not know that name but you might be very familiar with his work. Nikolaenko is a Russian accused of generating one-third of the world's spam email and he's now in custody in Milwaukee after being nabbed by the FBI. This was announced last week.
The feds have been looking into Nikolaenko for a long time now, examining his connection to a massive botnet referred to as "Mega D". Hundreds of thousands of computers are said to be involved and they're not stored in a cave somewhere; they're regular computers, perhaps owned by you, me, your mom, my cousin. The spammers hijack the processing capacity of those machines and make them carry out the spamming, unbeknownst to the owner.
The feds took a roundabout way to get to Nikolaenko. First, they busted the retailer of fake Rolex watches who had allegedly hired Nikolaenko. That led them to a payment processing service and finally to Nikolaenko's name. But they couldn't do much about the situation unless he came to the United States.
But then he did. He flew to JFK on October 30th, then on to Las Vegas where he checked into the Bellagio, and that's where the FBI got him. He was then shipped to Milwaukee where the investigation was centered.
We talk to Cisco fellow and chief security researcher Patrick Peterson about how the whole botnet worked and what the arrest means for privacy, security, and all those annoying spams.
We also talk to Nick Feamster, who leads the Network Operations and Internet Security Lab at Georgia Tech. He says that if you're infected, if you're part of Mega D, it may be really hard to tell. You can analyze traffic flow or check in with your ISP, but unless you're a hardcore computer scientist, you may never be able to tell. In the meantime, apply every security patch you get from Apple or Microsoft. Just make sure that's who's sending it.
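As an added example (it is not from the original page, and not code from Feamster's lab or from Cisco), here is one concrete form the traffic-flow analysis mentioned above can take: a small Python script that reads constructed NetFlow-style records and flags any host that contacts an unusually large number of distinct mail servers on TCP/25 or 587 within a short window. That direct-to-many-mail-servers fan-out is what a spam bot produces, while an ordinary workstation relays everything through one or two servers. The window, threshold, IP addresses and timestamps are assumptions chosen for illustration.

```python
"""Flag hosts whose outbound SMTP fan-out looks like a spam bot.

Added illustration, not from the original page. It reads constructed
flow records ("timestamp,src,dst,dport"), then reports, per source host,
the largest number of distinct SMTP destinations contacted inside any
sliding window. A workstation that relays mail through one server scores
1; a host talking directly to dozens of mail servers scores high.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Ports used for outbound mail delivery / submission (assumption: these two).
SMTP_PORTS = {25, 587}


def build_sample_flows():
    """Constructed sample data, not real traffic: one ordinary workstation
    that relays through a single mail server (plus some HTTPS browsing),
    and one host that opens direct SMTP connections to 30 distinct
    addresses in three minutes. All addresses are documentation ranges."""
    base = datetime(2010, 11, 30, 10, 0, 0)
    lines = []
    for i in range(5):
        t_mail = (base + timedelta(minutes=i)).isoformat()
        t_web = (base + timedelta(minutes=i, seconds=30)).isoformat()
        lines.append(f"{t_mail},192.168.1.10,203.0.113.5,25")
        lines.append(f"{t_web},192.168.1.10,198.51.100.{i + 1},443")
    for i in range(30):
        t = (base + timedelta(seconds=6 * i)).isoformat()
        lines.append(f"{t},192.168.1.42,203.0.113.{100 + i},25")
    return lines


def parse_flows(text):
    """Parse 'timestamp,src,dst,dport' lines into (datetime, src, dst, port)."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split(",")
        records.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return records


def smtp_fanout(records, window=timedelta(minutes=10)):
    """Return {src: max distinct SMTP destinations seen within any window}."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in records:
        if dport in SMTP_PORTS:
            per_src[src].append((ts, dst))
    result = {}
    for src, events in per_src.items():
        events.sort()  # by timestamp, so the two-pointer window below is valid
        best, start = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in events[start:end + 1]})
            best = max(best, distinct)
        result[src] = best
    return result


def flag_suspects(records, threshold=20, window=timedelta(minutes=10)):
    """Hosts whose SMTP fan-out reaches the threshold (assumed value: 20)."""
    fanout = smtp_fanout(records, window)
    return sorted(src for src, n in fanout.items() if n >= threshold)


if __name__ == "__main__":
    flows = parse_flows("\n".join(build_sample_flows()))
    for src, n in sorted(smtp_fanout(flows).items()):
        print(f"{src}: {n} distinct SMTP destinations in a 10-minute window")
    print("suspects:", flag_suspects(flows))
```

A home user rarely has flow records to run this over, which is why the advice above points to the ISP: an operator with NetFlow or firewall logs can apply exactly this kind of per-host fan-out check and notify the customer behind a host that suddenly starts speaking SMTP to dozens of mail servers.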