FireEye: Anatomy of the Mega-D takedown

2009

Last month, security researchers at anti-malware security appliance firm FireEye spearheaded an offensive to take down a major botnet, alternatively known as Mega-D, or Ozdok. Spam coming from Mega-D, which was at one time responsible for a third of all spam, stopped overnight as a result of the takedown efforts. FireEye's Phil Lin recaps how the company took down Mega-D and recounts the security research team's detailed study of Mega-D's active command and control servers, its fallback mechanisms and underlying botnet infrastructure.

In early November 2009, FireEye security researchers spearheaded an offensive to take down a major botnet, also known as Mega-D or Ozdok. This botnet was, at its peak, responsible for sending 30% to 35% of worldwide spam [1, 2]. Spam coming from Mega-D stopped overnight as a result of the take-down efforts, according to various tracking organisations [3]. This botnet had been flying under the radar, with recorded spam operations going back as far as 2007.