Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Microsoft names alleged Kelihos botnet creator

Microsoft says the man lives in St. Petersburg and used for work for a computer security software company

Microsoft has named a Russian man as the alleged creator of Kelihos, a spammy botnet that abused the company's Hotmail service until the botnet was shutdown last September.

In a legal filing on Monday, Microsoft identified the man as Andrey N. Sabelnikov of St. Petersburg, adding that he freelances for a software development company and, ironically, formerly worked as a software engineer for a computer security software company.

The public naming by Microsoft could put further pressure on Russia to investigate alleged cybercriminals, as other companies appear to be losing patience with the lack of action on cybercriminal activity traced to the country.

Earlier this month, a computer security researcher, Facebook and the security company Sophos accused five men also based in St. Petersburg of creating Koobface, a social networking worm dating from 2008. The FBI has an active investigation, but no arrests have been made in Russia.

Sabelnikov was not named in the original civil suit in the Kelihos case that Microsoft filed in the U.S. District Court for the Eastern District of Virginia.

That suit named Dominique Alexander Piatti and his company dotFREE Group SRO, along with 22 "John Does," or unidentified defendants. Piantti's company operated a domain registration service in the .cz.cc name space, which was abused by the botnet's operators to set up hosts for their control infrastructure. In October, Microsoft settled with Piantti after finding his company was not collaborating with the Kelihos operators.

Richard Boscovich, senior attorney for Microsoft's Digital Crimes Unit, wrote on Monday that due to "new evidence" and cooperation by dotFREE, "we have named a new defendant to the civil lawsuit we believe to be the operator of the Kelihos botnet."

The botnet is no longer functional, but Boscovich wrote that thousands of computers are still infected with it. He wrote that the case "is not over."

Although Microsoft's case is a civil one that seeks monetary damages, the allegations made against Sabelnikov would also violate U.S. computer crime laws. But there is no precedent for extraditing criminal defendants from Russia: Article 61 of the country's constitution prohibits a Russian citizen from being extradited to another state.

Send news tips and comments to jeremy_kirk@idg.com

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Facebook, FBI, Hotmail, Microsoft, Sophos
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: cybercrime, legal, Microsoft, security
Latest Blog Posts
Whitepapers
  • EMC 15-Minute Guide to Smarter Backup Transform your future
    Backup and recovery has become fundamental part of business and an essential element of information management. Information is useless to customers, employees, or business partners can't access it when it is needed. Availability and integrity of information, of the lack of, can directly impact revenues and profits - as well as company reputations. Read more.
    Learn more »
  • A buyer’s guide to application lifecycle management (ALM) solutions
    This buyer's guide describes the key criteria for application lifecycle management (ALM) solutions for today's high-performance teams. It includes key considerations for enhancing your single- or multi-vendor ALM environment.
    Learn more »
  • IDC Case Study - EMC IT Increasing Efficiency, Reducing Costs, and Optimising IT with Data Deduplication
    This IDC Buyers Case Study: Explores the benefits EMC realised from the use of a range of EMC's own backup and recovery solutions that leverage deduplication technology; Identifies the unique backup challenges for different computing environments and how data deduplication can address these environments; Highlight EMC's legacy backup environment and the changes EMC made as part of a transformation process to increase efficiency, reduce cost and optimise IT - as part of its journey to the private cloud.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments