Kelihos botnet operator named in Microsoft botnet lawsuit

Thursday, January 26, 2012


Microsoft has named a Russian programmer as the creator of a small spam and child pornography peddling botnet.

Andrey N. Sabelnikov, a Russian engineer, allegedly wrote the malicious code used to create the Kelihos botnet. Kelihos, which is made up of about 41,000 infected machines, is believed to have been used in conjunction with Waledac and other large spamming botnets.

Microsoft filed a lawsuit bringing down the Kelihos botnet in September. Richard Domingues Boscovich, a senior attorney for Microsoft's Digital Crimes Unit, said Kelihos was capable of sending 3.8 billion spam emails per day. "We do not expect its disruption to have the breadth of impact on the Internet that our prior takedowns did, we took this action before the botnet had an opportunity to grow further and because we believe accountability is important," he wrote in the Microsoft blog.

Microsoft initially also named Dominique Alexander Piatti, dotFREE Group SRO of the Czech Republic and 22 other unnamed people as owning a domain, cz.cc, and using cz.cc to register other subdomains that were used to operate and control the Kelihos botnet. The software giant worked with a team at Kaspersky Lab and Kyrus Inc. to take down the operation. The takedown was the first time Microsoft named a defendant in one of its civil cases involving a botnet.

As part of a settlement, Piatti and dotFREE Group SRO cooperated and provided information that led to the legal action against Sabelnikov. The case against Piatti and dotFREE Group SRO was dismissed.

In Microsoft's amended complaint, the company alleges that Sabelnikov, who lives in St. Petersburg, used the malware to control, operate, maintain and grow the Kelihos botnet. Microsoft said Sabelnikov previously worked for a Russian company that provided firewall, antivirus and security software.

Although the Kelihos botnet has remained inactive since the successful takedown in September, thousands of computers are still infected with its malware, Microsoft's Boscovich said.

The takedown of the Kelihos botnet is part of a lengthy campaign to bring down botnets being conducted by Microsoft's Digital Crime division. Microsoft was successful in taking out the Waledac botnet in 2010. Last year, the company worked with pharmaceutical giant Pfizer to use legal action and take out the Rustock botnet.

