Microsoft: 'Kelihos' botnet master worked for AV vendor

Microsoft pinpoints a Russian software developer who is being accused of creating, operating and growing the notorious Kelihos botnet.

Microsoft today named a Russian software developer as the man who controlled Kelihos, a botnet linked to spam messages, ID-theft attacks, pump-and-dump stock scams and websites promoting the sexual exploitation of children.

In a complaint (PDF) filed today, Microsoft named Andrey Sabelnikov as the botmaster who wrote the code for, and either created or participated in creating, the Kelihos malware.

follow Ryan Naraine on twitter

Microsoft is also alleging that Sabelnikov used the malware to control, operate, maintain and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware, according to Richard Domingues Boscovich, a senior attorney in the Microsoft Digital Crimes Unit.


Interestingly, Microsoft said Sabelnikov "worked as a software engineer and project manager at a company that provided firewall, antivirus and security software." Microsoft did not identify the antivirus vendor.

The amended complaint comes a few months after Microsoft teamed up with Kaspersky Lab (disclosure: my employer) to kill the botnet, which contained about 41,000 computers worldwide and was capable of sending 3.8 billion spam e-mails per day.

Microsoft originally named Dominique Alexander Piatti, alongside dotFREE Group SRO and John Does 1-22, as owning the domains and subdomains that were used to operate and control the Kelihos botnet. The case against Piatti has since been settled. Microsoft now accuses Sabelnikov of having registered more than 3,700 “” subdomains from Piatti and dotFREE Group SRO and of misusing those subdomains to operate and control the Kelihos botnet.