Microsoft has named the man it believes to be responsible for the Kelihos botnet.
In an amended complaint filed today as part of an ongoing civil suit, Microsoft is accusing Andrey N. Sabelnikov, a citizen of Russia who lives in St. Petersburg, of writing the code for, and either creating or participating in creating, the Kelihos malware. Microsoft also alleges that Sabelnikov used the malware to control, operate, maintain and grow the Kelihos botnet by, among other things, infecting innocent users’ computers.
Sabelnikov currently works on a freelance basis for a software development and consulting firm, and prior to that, worked as a software engineer and project manager at “a company that provided firewall, antivirus and security software,” according to Microsoft’s amended complaint filed in federal court in the Eastern District of Virginia.
The case stems from a civil lawsuit Microsoft filed in September after it took down the Kelihos botnet.
Botnets are networks of virus-infected computers that can send out spam or viruses. The Kelihos botnet infected at least 41,000 computers worldwide, according to Microsoft, and infected Internet users’ computers with malicious software which allowed the botnet to surreptitiously control a person’s computer and use it for a variety of illegal activities, including sending out billions of spam messages, harvesting users’ personal information (such as e-mails and passwords), fraudulent stock scams and, in some instances, websites promoting the sexual exploitation of children.
In October, Microsoft settled with two of the defendants in the case — Dominique Alexander Piatti and his company, dotFREE Group SRO.
The case against the remaining defendants — identified as John Does 1-22 — remained open. Sabelnikov is one of those John Does. He was named thanks to cooperation from Piatti and dotFREE Group SRO, and new evidence, according to an official Microsoft blog post on the issue.
Microsoft says the Kelihos botnet is now inactive but that thousands of computers are still infected with its malware, and advises people to visit Microsoft’s virus and security solution center for information on cleaning their PCs.