So how did the FBI get its man this time around? By busting the US-based distributor of fake Rolex watches who used Mega-D to send a good chunk of his spam. That led them on a trail that culminated in ePassporte, a money transfer service, and they found Nikolaenka's name and e-mail addresses attached to his account.

Nikolaenko had made another mistake: the e-mail accounts were Gmail addresses, and it was no trouble at all for the US to get a subpoena, forcing Google to cough up the account information. FBI agents found copies of the botnet software and much else of interest among the e-mails.

With what they needed in hand, they waited—and it didn't take long for Nikolaenko to enter the US again at JFK. A few phone calls later and he was located at the Bellagio in Vegas. The FBI obtained and then executed an arrest warrant, and now Nikolaenko faces CAN-SPAM Act charges in, of all places, Milwaukee (where the FBI agent tracking him was located).