[ISN] Microsoft Names Alleged Botnet Operator Behind Kelihos

From: InfoSec News <alerts_at_private>
Date: Wed, 25 Jan 2012 01:54:33 -0600 (CST)
http://www.darkreading.com/insider-threat/167801100/security/client-security/232500407/microsoft-names-alleged-botnet-operator-behind-kelihos.html

By Kelly Jackson Higgins
Dark Reading
Jan 24, 2012

Microsoft is continuing its legal tear against botnets: It has now named 
the botnet operator of the Kelihos botnet that it helped take down last 
fall.

The alleged perpetrator, Andrey N. Sabelnikov, a Russian engineer, has 
been added to Microsoft’s legal suit filed in U.S. District Court in 
September in relation to the botnet. The company, which worked with 
Kaspersky Lab and Kyrus to take down the spamming botnet, says the 
co-defendants named in the initial claim, Dominique Alexander Piatti and 
dotFREE Group SRO, cooperated and provided information that led to the 
latest legal action against Sabelnikov as part of a settlement in 
October.

“In today’s complaint, Microsoft presented evidence to the court that 
Mr. Sabelnikov wrote the code for and either created, or participated in 
creating, the Kelihos malware. Further, the complaint alleges that he 
used the malware to control, operate, maintain and grow the Kelihos 
botnet. These allegations are based on evidence Microsoft investigators 
uncovered while analyzing the Kelihos malware,” said Richard Domingues 
Boscovich, senior attorney for Microsoft’s Digital Crimes Unit. 
“Microsoft also alleges that Mr. Sabelnikov registered more than 3,700 
‘cz.cc’ subdomains from Mr. Piatti and dotFREE Group SRO, and misused 
those subdomains to operate and control the Kelihos botnet.”

Microsoft says Sabelnikov lives in St. Petersburg, Russia, and is a 
contractor for a software development and consulting firm who once 
worked as a software engineer and project manager at a firewall and 
antivirus firm. According to KrebsOnSecurity, that firm was Agnitum.

[...]


Received on Tue Jan 24 2012 - 23:54:33 PST