Microsoft: 'Kelihos' botnet master worked for AV vendor

Summary: Microsoft pinpoints a Russian software developer who is being accused of creating, operating and growing the notorious Kelihos botnet.

Microsoft today named a Russian software developer as the man who controlled Kelihos, a botnet linked to spam messages, ID-theft attacks, pump-and-dump stock scams and websites promoting the sexual exploitation of children.

In a complaint (PDF) filed today, Microsoft pinpointed Andrey Sabelnikov as the botmaster who wrote the code for, and either created or participated in creating, the Kelihos malware.

Microsoft is also alleging that Sabelnikov used the malware to control, operate, maintain and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware, according to Richard Domingues Boscovich, a senior attorney in the Microsoft Digital Crimes Unit.

Interestingly, Microsoft said Sabelnikov "worked as a software engineer and project manager at a company that provided firewall, antivirus and security software." The company did not identify the antivirus vendor.

The amended complaint comes a few months after Microsoft teamed up with Kaspersky Lab (disclosure: my employer) to kill the botnet, which contained about 41,000 computers worldwide and was capable of sending 3.8 billion spam e-mails per day.

Microsoft originally named Dominique Alexander Piatti alongside dotFREE Group SRO and John Does 1-22 as owning the domains and subdomains that were used to operate and control the Kelihos botnet. The case against Piatti has since been settled, and Microsoft is now accusing Sabelnikov of registering more than 3,700 “cz.cc” subdomains from Piatti and dotFREE Group SRO, and misusing those subdomains to operate and control the Kelihos botnet.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
