Microsoft suspects ex-antivirus worker of Kelihos botnet creation
A Russian IT pro is accused of helping create and run the Kelihos botnet.


Microsoft has continued its assault on the Kelihos botnet, naming a former IT security professional as the controller of the malicious network.
In an amended complaint filed with the US District Court for the Eastern District of Virginia, Microsoft alleged that Russian national Andrey Sabelnikov was running the botnet.
In the complaint, Microsoft said Sabelnikov was working on a freelance basis for a software development and consulting firm, and had previously been a project manager at an anti-virus provider.
The Kelihos botnet was shut down last year, but Microsoft has continued to hunt for the perpetrators and have them prosecuted.
Microsoft had previously accused Dominique Piatti, a Czech man running the dotFREE domain hosting company, claiming his business was registering subdomains used to operate Kelihos.
However, Microsoft later concluded that dotFREE was simply being exploited by Kelihos's controllers and reached an agreement with Piatti.
Cooperation with Piatti led to this week's fresh allegations against Sabelnikov.
"In today's complaint, Microsoft presented evidence to the court that Mr. Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware," said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit, in a blog post.
"Further, the complaint alleges that he used the malware to control, operate, maintain and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware."
Microsoft also claimed Sabelnikov registered more than 3,700 'cz.cc' subdomains from dotFREE and misused them to operate and control the Kelihos botnet.
"Although the Kelihos botnet remains inactive since the successful takedown in September, thousands of computers are still infected with its malware," Boscovich warned. "This case is certainly not over."
One major issue hindering botnet fighters is the lack of regulation on the subdomain provider industry. Providers are not required to know who their customers are, meaning cyber criminals can take advantage and host malicious activities on their servers.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.