We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Microsoft accuses Russian of masterminding Kelihos botnet

Digital Crimes Unit strikes again

Microsoft's determined campaign against the Kelihos botnet has seen the company file a lawsuit against the Russian man it now believes to be responsible for its operations.

In a filing to a Virginia court, Microsoft alleges that Andrey N. Sabelnikov from St. Petersburg contributed code for the malware that set up the bot, registering 3,700 Czech .cz subdomains to aid its operation.

The company's campaign against Kelihos dates back to last September when it launched a similar court action against a Czech-based domain provider the dotFREE Group and its owner Dominique Piatti, accused of hosting the domains that made Kelihos possible. Both were later exonerated after they agreed to aid Microsoft's Kelihos investigation.

The company also named "John Does 1-22" as being involved in Kelihos, one of whom must have included Sabelnikov himself.

Kelihos was always a pretty modest botnet - the number of infected hosts is not thought to have gone above 45,000 - but Microsoft sees disrupting every botnet using legal means as strategically important.

"Microsoft is committed to following the evidence wherever it leads us through the investigation in order to hold Kelihos' operators accountable for their actions," the company said in a new blog post on the case.

"We believe this is important both because of the harm caused by Kelihos and because all botnet operators should understand that there are risks and consequences for engaging in malicious activity."

The case bears a superficial resemblance to last week's naming of the Russians alleged by Facebook and other security companies to have been involved in the Koobface worm that assaulted users of various social networks between 2008 and 2010.

Critics in the security industry have voiced reservations about this 'naming and shaming' approach, worrying that it could compromise a possible future legal case against suspects.

The major difference is that Microsoft's approach is always to pursue suspects using civil actions through the courts during which supporting evidence must be examined by a judge. This approach has proved successful, closing down the operations of major botnets such as Rustock and Waledec.

More recently, the company quietly announced that it would give CERTS, ISPs and police access to its botnet monitoring system through an API.


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips: Complete Guide to OS X Yosemite