Mega-D Botnet Defeated by FireEye Security Researchers

Thanks to the efforts of Atif Mushtaq, a security researcher at FireEye, and two of his colleagues, the Mega-D botnet has been taken down.

Mega-D was known as a resilient botnet that had taken control of 250,000 PCs, using command-and-control servers to issue the instructions that ran spam campaigns on the compromised computers. Also known as Ozdok, Mega-D was picked apart by researchers who only recently worked out how to target its controllers and ultimately take the botnet down.

Botnets such as Mega-D receive their commands online; in Mega-D's case, those commands start spam campaigns. Taking Mega-D down therefore meant not only cutting off the flow of instructions from its command-and-control servers, but also isolating the bots and pointing them at servers that FireEye set up to log Mega-D's check-ins.

When a bot cannot reach its primary controllers, it usually falls back to spare domains. In Mega-D's case, FireEye turned those spare domains into sinkholes as the offensive part of the effort to bring the botnet down. FireEye orchestrated this by working with the registrars of the spare domain names that Mega-D's controllers had listed in the bot's programming. The sinkholes set up by the researchers logged about 250,000 Mega-D-infected systems.
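The fallback-and-sinkhole mechanism described above, as an added model that is not FireEye's tooling or the bot's code: the bot walks its controller list (primaries first, then spares), the spare domains are pointed at a defender-run sinkhole, and the sinkhole counts unique infected systems from their check-ins. All domain names, bot identifiers and the check-in format are constructed placeholders.

```python
"""Model of fallback-domain sinkholing (added example, not FireEye's code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed controller list as a bot would carry it: primaries first,
# then the spare domains it only consults when the primaries fail.
PRIMARY_C2 = ["primary-a.example", "primary-b.example"]
SPARE_C2 = ["spare-1.example", "spare-2.example", "spare-3.example"]

LIVE = "live"  # sentinel for a controller still answering


@dataclass
class Sinkhole:
    """Defender-operated server that answers in place of the spare domains
    and records which infected hosts check in (never issues commands)."""
    checkins: List[Tuple[str, str]] = field(default_factory=list)

    def handle(self, domain: str, bot_id: str) -> str:
        self.checkins.append((domain, bot_id))
        return "NO-OP"  # a sinkhole only logs; it hands out no tasks

    def infected_hosts(self) -> int:
        # Each system may check in many times; count it once.
        return len({bot_id for _, bot_id in self.checkins})


def bot_checkin(bot_id: str, resolver: Dict[str, object]) -> Optional[str]:
    """One bot's check-in: try primaries, then spares, in list order.
    Returns the domain that answered, or None if nothing did."""
    for domain in PRIMARY_C2 + SPARE_C2:
        target = resolver.get(domain)
        if target is None:  # taken down / unreachable, try the next one
            continue
        if isinstance(target, Sinkhole):
            target.handle(domain, bot_id)
        return domain
    return None


def run_takedown(bot_ids: List[str], primaries_up: bool) -> Tuple[Sinkhole, List[Tuple[str, Optional[str]]]]:
    """Registrars point every spare domain at the sinkhole; primaries are
    either still live or already cut off. Returns the sinkhole and, per
    check-in, which domain each bot ended up talking to."""
    sink = Sinkhole()
    resolver: Dict[str, object] = {d: sink for d in SPARE_C2}
    if primaries_up:
        resolver.update({d: LIVE for d in PRIMARY_C2})
    answered = [(b, bot_checkin(b, resolver)) for b in bot_ids]
    return sink, answered
```

While the primaries answer, the sinkhole sees nothing; once they are cut off, every bot lands on the first spare domain and the sinkhole's unique-host count is the infected population.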

Atif Mushtaq's effort to take down the Mega-D botnet succeeded only because it took an offensive stand. Mega-D accounted for 11.8 percent of the spam that security company MessageLabs observed in November 2009. Mega-D was first found to be susceptible to defeat in November 2009, when we wrote about FireEye Striking a blow against the Ozdok/Mega-D Spam Botnet. While some researchers were unsure whether Mega-D would get back on its feet, it is now apparent that with unyielding effort this notorious botnet can be beaten.