In September, Microsoft announced it had taken down the Kelihos botnet and, for the first time, was naming a defendant in a civil court case it filed against the people behind the botnet.
The complaint, filed Sept. 22 in the U.S. District Court for the Eastern District of Virginia, accused Dominique Alexander Piatti, dotFREE Group SRO (a Czech company) and John Does 1-22 of owning a domain, cz.cc, and using that domain to register subdomains used to operate and control the Kelihos botnet. The botnet injured Microsoft and its customers, the suit says.
Microsoft announced today that it has reached a settlement with Piatti and his company, dotFREE Group SRO, and will be dismissing the lawsuit against them. The case against the John Does remains open as Microsoft continues its investigation to find out who the people behind the botnet are, according to a blog post by Microsoft senior attorney Richard Domingues Boscovich.
Botnets are networks of virus-infected computers that can send out spam or viruses. The Kelihos botnet infected at least 41,000 computers worldwide, according to Microsoft. It infected Internet users’ computers with malicious software that allowed the botnet to surreptitiously control a person’s computer and use it for a variety of illegal activities, including sending out billions of spam messages, harvesting users’ personal information (such as e-mails and passwords), fraudulent stock scams and, in some instances, websites promoting the sexual exploitation of children.
“Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFREE Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet,” Boscovich writes in the blog post. “Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti’s cz.cc domain.”
As part of the settlement, Piatti agreed to delete, or transfer to Microsoft, all the subdomains used either to operate the Kelihos botnet or for other illegitimate purposes, and he and dotFREE Group have agreed to work with Microsoft to create some best practices to prevent abuse of free subdomains.