News

By John Leyden, 24th January 2012 16:39

Microsoft fingers alleged Kelihos botnet kingpin

Suspected coder once worked for Russian antivirus biz

Microsoft has filed a lawsuit against a Russian national who allegedly created and operated the Kelihos botnet, prior to a takedown operation in September 2011.

Fresh evidence has allowed Microsoft to name Andrey N Sabelnikov as a defendant in its suit. The move follows a settlement in the action Microsoft brought against Dominique Alexander Piatti and dotFREE Group SRO last October.

Czech startup dotFREE was accused of owning domains used by the Kelihos botnet. Piatti and dotFREE were named in an initial lawsuit filed by Microsoft at the time of the original takedown. Redmond subsequently accepted dotFREE's services were abused by cybercrooks without the company's knowledge.

At its peak the Kelihos botnet infected 41,000 computers worldwide, creating a system capable of sending 3.8 billion spam messages per day. Sabelnikov allegedly wrote the code behind the Kelihos botnet and participated in its day-to-day operation, according to a blog post by Richard Domingues Boscovich, senior attorney at the Microsoft Digital Crimes Unit, which states:

"In today’s complaint, Microsoft presented evidence to the court that Mr. Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware. Further, the complaint alleges that he used the malware to control, operate, maintain and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware. Microsoft also alleges that Mr. Sabelnikov registered more than 3,700 “cz.cc” subdomains from Mr. Piatti and dotFREE Group SRO, and misused those subdomains to operate and control the Kelihos botnet."

Sabelnikov worked as project manager at Russian antivirus firm Agnitum between 2005 and 2007, according to his LinkedIn profile, security blogger Brian Krebs reports.

Microsoft named Sabelnikov as a defendant in an amended complaint about the Kelihos botnet filed with the US District Court for the Eastern District of Virginia yesterday. ®
