By of the

Authorities say he was the king of spam, a 23-year-old Russian controlling a network of infected computers generating 10 billion unwanted e-mails a day - a third of the global spam stream - until a Milwaukee FBI agent unplugged the operation.

Now, Oleg Nikolaenko awaits a hearing in federal court in Milwaukee, where he is charged with helping cyber hucksters pitch everything from counterfeit Rolex watches to fake Viagra.

According to a federal criminal complaint, agents from the FBI and the Federal Trade Commission had been tracking Nikolaenko's activities since at least 2007. The complaint outlines how international fraud artists rely on tech-savvy spammers to annoy and defraud consumers in an enterprise that generates enormous illegal profits.

Agents tracked Nikolaenko during two visits to the United States last year, and when he returned to Las Vegas last month for a popular automotive show, he was arrested Nov. 4. He was indicted Nov. 16 on one count of violating the 2003 federal CAN-SPAM Act, an offense punishable by up to five years in prison. The charges were initially not made public.

Nikolaenko is scheduled to make his initial court appearance in Milwaukee on Friday.

His attorney, Christopher Van Wagner of Madison, said the charges are only accusations and he hasn't seen any evidence or discovery material.

"We're prepared to present a rigorous defense," he said.

He said Nikolaenko has a wife and small child back in Moscow who are attempting to secure visas to come to Milwaukee and support him. Van Wagner expects to argue for his client's release on some kind of bond or control.

In an affidavit, FBI Special Agent Brett Banner lays out a primer on Internet operations, security hackers and the hunt for Nikolaenko. Banner, who specializes in computer crimes, transferred to Milwaukee from Detroit last year.

Nikolaenko's robot network, called a botnet, was dubbed Mega-D by the director of one of the Internet security firms that aided in the investigation. He said Mega-D was likely the largest in the world, generating about a third of the world's spam. The expert estimated Mega-D could send some 10 billion spam e-mails a day, all with falsified return addresses.

The investigation took off after a seller of counterfeit Rolex watches in Kansas City told authorities he spent more than $2 million for spammers to help move his products. He directed them to a co-conspirator in Australia, who controlled a digital currency account with a company registered in the British Virgin Islands. Transaction records and e-mails finally pointed investigators to Nikolaenko in Russia.

With subpoenas from a grand jury, authorities got Nikolaenko's Google mail records and found executable files like the malware that ran Mega-D.

In November 2009, a California network security company called FireEye crippled the Mega-D botnet by persuading U.S.-based Internet service providers to shut down the computers used to command and control more than 500,000 infected private computers, including about 135 in Wisconsin. In three days, Mega-D's output - which had already been cut to about 12% of all spam - nose-dived to less than 0.1 percent, according to Banner's affidavit.

Around the same time, Nikolaenko was visiting Las Vegas to attend a specialty automotive show. He returned to Russia early, authorities believe, to repair the robot network. It appears he was successful, because by the end of 2009, Mega-D had rebounded so well that it accounted for 17% of worldwide spam.

That same month, Agent Banner responded to one of the e-mails generated by Mega-D, advertising an "approved card" from "Amazon, Ltd." He followed a link that instead took him to a site advertising male enhancement drugs, and placed a $37 order. When it arrived at an address in Milwaukee, it was short some promised pills.

Atif Mushtaq is the head of research at FireEye and led the team that crippled Mega-D last year. He said in an interview Wednesday that he was encouraged by Nikolaenko's indictment and arrest and thinks it might have some effect on the Russian botnet and spam industry, though he said they have already become more careful in how they devise and operate the malware.

"But if he cooperates, he could give authorities some good information, because they all know each other there," Mushtaq said.

***

Watches yield break in case

A seller of counterfeit Rolex watches in Kansas City told authorities he spent more than $2 million with spammers to move his products. That trail led to the British Virgin Islands and finally to Oleg Nikolaenko in Russia.