
Kelihos botnet operator named in Microsoft botnet lawsuit

Microsoft has named a Russian programmer as the one who wrote the malicious Kelihos code used to create a small botnet that peddled spam and child pornography.

Microsoft has named a Russian programmer as the creator of a small spam and child pornography peddling botnet.

Andrey N. Sabelnikov, a Russian engineer, allegedly wrote the malicious code used to create the Kelihos botnet. Kelihos, which comprises about 41,000 infected machines, is believed to have been used in conjunction with Waledac and other large spamming botnets.

Microsoft filed a lawsuit bringing down the Kelihos botnet in September. Richard Domingues Boscovich, a senior attorney for Microsoft’s Digital Crimes Unit, said Kelihos was capable of sending 3.8 billion spam emails per day. “We do not expect its disruption to have the breadth of impact on the Internet that our prior takedowns did, we took this action before the botnet had an opportunity to grow further and because we believe accountability is important,” he wrote in the Microsoft blog.

Microsoft initially also named Dominique Alexander Piatti, dotFREE Group SRO of the Czech Republic and 22 other unnamed people, alleging that they owned a domain and used it to register other subdomains that were used to operate and control the Kelihos botnet. The software giant worked with a team at Kaspersky Lab and Kyrus Inc. to take down the operation. The takedown was the first time Microsoft named a defendant in one of its civil cases involving a botnet.

As part of a settlement, Piatti and dotFREE Group SRO cooperated and provided information that led to the legal action against Sabelnikov. The case against Piatti and dotFREE Group SRO was dismissed.

In Microsoft’s amended complaint, the company alleges that Sabelnikov, who lives in St. Petersburg, used the malware to control, operate, maintain and grow the Kelihos botnet. Microsoft said Sabelnikov previously worked for a Russian company that provided firewall, antivirus and security software.

“Although the Kelihos botnet remains inactive since the successful takedown in September, thousands of computers are still infected with its malware,” Microsoft’s Boscovich said.

The takedown of the Kelihos botnet is part of a lengthy campaign to bring down botnets being conducted by Microsoft’s Digital Crime division. Microsoft was successful in taking out the Waledac botnet in 2010. Last year, the company worked with pharmaceutical giant Pfizer to use legal action and take out the Rustock botnet.
