The company alleges that he created and operated the Kelihos malware

Jan 24, 2012 15:21 GMT

Microsoft’s Digital Crimes Unit has been actively investigating the Kelihos botnet case since September, when it took the botnet down in collaboration with Kyrus Inc. and Kaspersky Labs.

Microsoft has been pursuing new leads in the case in an attempt to hold all those behind the botnet responsible for their actions.

On January 23rd, the Redmond-based company filed an amended complaint with the U.S. District Court for the Eastern District of Virginia, alleging that Andrey N. Sabelnikov, of Russia, was also responsible for the Kelihos botnet.

Sabelnikov is only one of the names Microsoft has presented in the case. The company has already legally disrupted the global botnet, which was harming thousands of victims worldwide.

Back in September, Microsoft alleged that Dominique Alexander Piatti, dotFREE Group SRO and John Does 1-22 owned the domain cz.cc and used it to register subdomains for operating and controlling the Kelihos botnet.

“Our investigation showed that while some of the defendants’ subdomains may have been legitimate, many were being used for questionable purposes with links to a variety of disreputable online activities,” Richard Domingues Boscovich, senior attorney, Microsoft Digital Crimes Unit, explains.

“On Oct. 26, we successfully settled with defendants Dominique Alexander Piatti and dotFREE Group, allowing us to dismiss the case against them. Today, thanks to their cooperation and new evidence, we have named a new defendant to the civil lawsuit we believe to be the operator of the Kelihos botnet.

“In today’s complaint, Microsoft presented evidence to the court that Mr. Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware.”

Moreover, Microsoft alleges that he controlled, operated, maintained and grew the Kelihos botnet through the use of the malware.

The software giant also notes that Sabelnikov registered over 3,700 “cz.cc” subdomains and used them to operate and control the Kelihos botnet.

Microsoft’s legal filings and evidence in this case can be found online. The company says it is determined to keep following the evidence in order to hold Kelihos’ operators accountable for their actions.

“We believe this is important both because of the harm caused by Kelihos and because all botnet operators should understand that there are risks and consequences for engaging in malicious activity,” Richard Domingues Boscovich continues.

The Kelihos botnet has remained inactive since it was taken down in September, but thousands of computers are still infected with it, Microsoft notes.