Microsoft suspects ex-antivirus worker of Kelihos botnet creation
A Russian IT pro is accused of helping create and run the Kelihos botnet.
Microsoft has continued its assault on the Kelihos botnet, naming a former IT security professional as the controller of the malicious network.
An amended complaint US District Court for the Eastern District of Virginia, Microsoft alleged that Russian Andrey Sabelnikov was running the botnet.
In the complaint, Microsoft said Sabelnikov was working on a freelance basis for a software development and consulting firm, and had previously been a project manager at an anti-virus provider.
Thousands of computers are still infected with its malware.
The Kelihos botnet was shut down last year, but Microsoft has continued to hunt for the perpetrators and have them prosecuted.
Microsoft had previously accused Dominique Piatti, a Czech man running the dotFREE domain hosting company, claiming his business was registering subdomains used to operate Kelihos.
However, Microsoft came to the conclusion dotFREE was simply being used by Kelihos's controllers and came to an agreement with Piatti.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Cooperation with Piatti led to this week's fresh allegations against Sabelnikov.
"In today's complaint, Microsoft presented evidence to the court that Mr. Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware," said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit, in a blog post.
"Further, the complaint alleges that he used the malware to control, operate, maintain and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware."
Microsoft also claimed Sabelnikov registered more than 3,700 'cz.cc' subdomains from dotFREE and misused them to operate and control the Kelihos botnet.
"Although the Kelihos botnet remains inactive since the successful takedown in September, thousands of computers are still infected with its malware," Boscovich warned. "This case is certainly not over."
Head here for information on how to remove Kelihos from machines.
One major issue hindering botnet fighters is the lack of regulation on the subdomain provider industry. Providers are not required to know who their customers are, meaning cyber criminals can take advantage and host malicious activities on their servers.
Read on for IT Pro's report on the war on botnets.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.