Microsoft today named a Russian software developer as the man who controlled Kelihos, a botnet linked to spam messages, ID-theft attacks, pump-and-dump stock scams and websites promoting the sexual exploitation of children.
In a complaint (PDF) filed today, Microsoft pinpointed Andrey Sabelnikov as the botmaster who wrote the code for, and either created or participated in creating, the Kelihos malware.
Microsoft is also alleging that Sabelnikov used the malware to control, operate, maintain and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware, according to Richard Domingues Boscovich, a senior attorney in the Microsoft Digital Crimes Unit.
The amended complaint comes a few months after Microsoft teamed up with Kaspersky Lab (disclosure: my employer) to kill the botnet, which contained about 41,000 computers worldwide and was capable of sending 3.8 billion spam e-mails per day.
Microsoft originally named Dominique Alexander Piatti alongside dotFREE Group SRO and John Does 1-22 as owning the domains and subdomains that were used to operate and control the Kelihos botnet. The case against Piatti has since been settled, and Microsoft is now accusing Sabelnikov of registering more than 3,700 “cz.cc” subdomains from Piatti and dotFREE Group SRO, and misusing those subdomains to operate and control the Kelihos botnet.