Microsoft suspects ex-antivirus worker of Kelihos botnet creation
By Tom Brewster
Microsoft has continued its assault on the Kelihos botnet, naming a former IT security professional as the controller of the malicious network.
In an amended complaint filed with the US District Court for the Eastern District of Virginia, Microsoft alleged that Russian national Andrey Sabelnikov was running the botnet.
In the complaint, Microsoft said Sabelnikov was working on a freelance basis for a software development and consulting firm, and had previously been a project manager at an anti-virus provider.
Thousands of computers are still infected with its malware.
The Kelihos botnet was shut down last year, but Microsoft has continued to hunt for the perpetrators and to seek their prosecution.
Microsoft had previously accused Dominique Piatti, a Czech man running the dotFREE domain hosting company, claiming his business was registering subdomains used to operate Kelihos.
However, Microsoft later concluded that dotFREE was simply being abused by Kelihos's controllers, and it reached an agreement with Piatti.
Cooperation with Piatti led to this week's fresh allegations against Sabelnikov.
"In today’s complaint, Microsoft presented evidence to the court that Mr. Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware," said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit, in a blog post.
"Further, the complaint alleges that he used the malware to control, operate, maintain and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware."
Microsoft also claimed Sabelnikov registered more than 3,700 'cz.cc' subdomains from dotFREE and misused them to operate and control the Kelihos botnet.
"Although the Kelihos botnet remains inactive since the successful takedown in September, thousands of computers are still infected with its malware," Boscovich warned. "This case is certainly not over."
One major issue hindering botnet fighters is the lack of regulation of the subdomain provider industry. Providers are not required to verify who their customers are, so criminals can register subdomains anonymously and use the providers' infrastructure to host malicious activity.