Microsoft: 'Kelihos' botnet master worked for AV vendor

Microsoft: 'Kelihos' botnet master worked for AV vendor

Summary: Microsoft pinpoints a Russian software developer who is being accused of creating, operating and growing the notorious Kelihos botnet.

SHARE:
TOPICS: Microsoft
9

Microsoft today named a Russian software developer as the man who controlled Kelihos, a botnet linked to spam messages, ID-theft attacks, pump-and-dump stock scams and websites promoting the sexual exploitation of children.

In an complaint (PDF) filed today, Microsoft pinpointed Andrey Sabelnikov as the botmaster who wrote the code for and either created, or participated in creating the Kelihos malware.follow Ryan Naraine on twitter

Microsoft is also alleging that Sabelnikov used the malware to control, operate, maintain and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware, according to Richard Domingues Boscovich, a senior attorney in the Microsoft Digital Crimes Unit.

[ SEE: Ten little things to secure your online presence ]

Interestingly, Microsoft said  Sabelnikov "worked as a software engineer and project manager at a company that provided firewall, antivirus and security software." The company did not identify the antivirus vendor.

The amended complaint comes a few months after Microsoft teamed up with Kaspersky Lab (disclosure: my employer) to kill the botnet, which contained about 41,000 computers worldwide and was capable of sending 3.8 billion spam e-mails per day.

Microsoft originally named Dominique Alexander Piatti alongside dotFREE Group SRO and John Does 1-22 as owning the domains and subdomains that were used to operate and control the Kelihos botnet.  The case against Piatti has since been settled and now Microsoft is acusing Sabelnikov of registered more than 3,700 “cz.cc” subdomains from Piatti and dotFREE Group SRO, and misusing those subdomains to operate and control the Kelihos botnet.

Topic: Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • RE: Microsoft: 'Kelihos' botnet master worked for AV vendor

    This joker should be barred from ever touching a computer again.
    Stephen-B
  • That's the risk

    Assuming he's guilty, he'll probably never work as a programmer again; at least not for any reputable employer/customer. Hopefully, the Russian government will either prosecute him themselves or extradite him, but I'm not holding my breath.
    John L. Ries
    • Dirt bag

      The guy has a degree from the State University of Aerospace Engineering, freelances for a software consulting firm, formerly worked as a software engineer and project manager at a security company, and this is what he does with his "smarts" -- and free time.<br><br>There ought to be a bullet with his unique name on it.
      klumper
  • RE: Microsoft: 'Kelihos' botnet master worked for AV vendor

    3.8 BILLION emails a day - and a lot of them came to me!
    .
    .
    .
    They were wasted.
    Agnostic_OS
  • RE: Microsoft: 'Kelihos' botnet master worked for AV vendor

    well is the law of predators, the ones that live because there is weaker creatures in the wild. In this case the weak link is the Windows ecosystem, were millions and millions of zombie Windows hosts exists; predators knows that a Windows machine is an easy prey!
    theo_durcan
    • RE: Microsoft: 'Kelihos' botnet master worked for AV vendor

      @theo_durcan Study animals and you will find the predators will attack the weaker animals in a large herd. As other Appealing Potential Prey Loom Expectantly in certain pads and pods, they will then become the targets. It's easy to turn a blind eye when in the minority.
      RecruiterGuy
    • RE: Microsoft: 'Kelihos' botnet master worked for AV vendor

      @theo_durcan

      Because your house can be easily entered, you deserve to have strangers in your house?
      kingkong881
      • RE: Microsoft: 'Kelihos' botnet master worked for AV vendor

        @kingkong88@...

        Of course not! I believe the post was saying that Windows is overly vulnerable and easy prey for malware authors. The law of predators thing was overly dramatic, but I am sure it made him feel great when he wrote it.
        mlashinsky
  • RE: Microsoft: 'Kelihos' botnet master worked for AV vendor

    Computerworld names the companies here:
    http://www.computerworld.com/s/article/9223667/Accused_Kelihos_botnet_maker_worked_for_two_security_firms
    mattb47