By John Leyden, 24th January 2012 16:39

Microsoft fingers alleged Kelihos botnet kingpin

Suspected coder once worked for Russian antivirus biz

Microsoft has filed a lawsuit against a Russian national who allegedly created and operated the Kelihos botnet, prior to a takedown operation in September 2011.

Fresh evidence has allowed Microsoft to name Andrey N Sabelnikov as a defendant in its suit. The move follows a settlement in the action brought by Microsoft against Dominique Alexander Piatti and dotFREE Group SRO last October.

Czech startup dotFREE was accused of owning domains used by the Kelihos botnet. Piatti and dotFREE were named in an initial lawsuit filed by Microsoft at the time of the original takedown. Redmond subsequently accepted that dotFREE's services were abused by cybercrooks without the company's knowledge.

At its peak the Kelihos botnet infected 41,000 computers worldwide, creating a system capable of sending 3.8 billion spam messages per day. Sabelnikov allegedly wrote the code behind the Kelihos botnet and participated in its day-to-day operations, according to a blog post by Richard Domingues Boscovich, senior attorney at Microsoft Digital Crimes Unit.

In today’s complaint, Microsoft presented evidence to the court that Mr. Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware. Further, the complaint alleges that he used the malware to control, operate, maintain and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware. Microsoft also alleges that Mr. Sabelnikov registered more than 3,700 “cz.cc” subdomains from Mr. Piatti and dotFREE Group SRO, and misused those subdomains to operate and control the Kelihos botnet.

Sabelnikov worked as project manager at Russian antivirus firm Agnitum between 2005 and 2007, according to his LinkedIn profile, security blogger Brian Krebs reports.

Microsoft named Sabelnikov as a defendant in an amended complaint about the Kelihos botnet filed with the US District Court for the Eastern District of Virginia yesterday. ®
