Microsoft Pri0

Welcome to Microsoft Pri0: That's Microspeak for top priority, and that's the news and observations you'll find here from Seattle Times technology reporter Matt Day.

September 28, 2011 at 6:20 AM

Microsoft takes down Kelihos botnet

It’s not a James Bond flick, but there is talk of codenames, takedowns, and operations with codenames that result in takedowns.

It’s a Microsoft blog post, of all things, talking about the takedown of the Kelihos botnet.

Botnets are networks of virus-infected computers that can send out spam or viruses.

In this case, “Kelihos infected Internet users’ computers with malicious software which allowed the botnet to surreptitiously control a person’s computer and use it for a variety of illegal activities, including sending out billions of spam messages, harvesting users’ personal information (such as e-mails and passwords), fraudulent stock scams and, in some instances, websites promoting the sexual exploitation of children,” Richard Domingues Boscovich, senior attorney with Microsoft’s Digital Crimes Unit, wrote in the blog post.

The Kelihos botnet infected about 41,000 computers worldwide, according to Microsoft’s investigation to date.

Operation b79, as this takedown operation was codenamed, is the third time in less than two years Microsoft has taken down a botnet. It previously took down the Waledac and Rustock botnets.

As in the previous two instances, Microsoft is taking the people behind the botnet to civil court. For the first time, the company is naming a defendant. The complaint, filed Sept. 22 in the U.S. District Court for the Eastern District of Virginia, accuses Dominique Alexander Piatti, in addition to dotFREE Group SRO (a Czech company), and John Does 1-22 of owning a domain — cz.cc — and using that domain to register other subdomains used to operate and control the Kelihos botnet. The botnet injured Microsoft and its customers, the suit says.

“The Kelihos takedown is intended to send a strong message to those behind botnets that it’s unwise for them to simply try to update their code and rebuild a botnet once we’ve dismantled it,” Boscovich wrote. “When Microsoft takes a botnet down, we intend to keep it down.”
