The Channel


By John Leyden, 24th January 2012 16:39

Microsoft fingers alleged Kelihos botnet kingpin

Suspected coder once worked for Russian antivirus biz

Microsoft has filed a lawsuit against a Russian national who allegedly created and operated the Kelihos botnet, prior to a takedown operation in September 2011.

Fresh evidence has allowed Microsoft to name Andrey N Sabelnikov as a defendant in its suit. The move follows a settlement in the action brought by Microsoft against Dominique Alexander Piatti and dotFREE Group SRO last October.

Czech startup dotFREE was accused of owning domains used by the Kelihos botnet. Piatti and dotFREE were named in an initial lawsuit filed by Microsoft at the time of the original takedown. Redmond subsequently accepted that dotFREE's services were abused by cybercrooks without the company's knowledge.

At its peak the Kelihos botnet infected 41,000 computers worldwide, creating a system capable of sending 3.8 billion spam messages per day. Sabelnikov allegedly wrote the code behind the Kelihos botnet as well as participating in the day-to-day operations of the botnet, according to a blog post by Richard Domingues Boscovich, senior attorney at Microsoft Digital Crimes Unit.

In today’s complaint, Microsoft presented evidence to the court that Mr. Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware. Further, the complaint alleges that he used the malware to control, operate, maintain and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware. Microsoft also alleges that Mr. Sabelnikov registered more than 3,700 “” subdomains from Mr. Piatti and dotFREE Group SRO, and misused those subdomains to operate and control the Kelihos botnet.

Sabelnikov worked as project manager at Russian antivirus firm Agnitum between 2005 and 2007, according to his LinkedIn profile, security blogger Brian Krebs reports.

Microsoft named Sabelnikov as a defendant in an amended complaint about the Kelihos botnet filed with the US District Court for the Eastern District of Virginia yesterday. ®
