Microsoft Gives Up Ghost On Finding Kelihos Botnet Masters

This is the way the case ends: not with a bang but a whimper

The case of the Kelihos botnet has come to a surprisingly quiet end, as Microsoft all but called off its search for the beneficiaries of the massive malicious network.

For over a year, Microsoft has attempted to pin down the perpetrators. In September 2011, the tech giant issued a court summons to Dominique Piatti, owner of the DotFree Group in the Czech Republic, claiming his company was registering subdomains used to operate Kelihos.

Yet Microsoft decided dotFREE was simply being used by Kelihos’s controllers and came to an agreement with Piatti.

Getting the wrong guy?

In January, Microsoft named a former employee of a Russian antivirus software firm, Andrey Sabelnikov of St Petersburg, as a suspect in the hunt for the botnet’s owners. But Microsoft has now admitted its suspicions were not quite on the money.

It has now come to an agreement with Sabelnikov that whilst he wrote some of the code used to run Kelihos, he did not profit from the illicit enterprise.

“After a review and understanding of all of the details of the case, the parties were able to enter into a confidential settlement agreement in this matter, which resolves the dispute between the parties,” a joint statement from Microsoft and Sabelnikov read.

Richard Domingues Boscovich, assistant general counsel for the Microsoft Digital Crimes Unit, said the case had given Microsoft “important intelligence and data on how botnets are built and how cyber criminals are able to access the code used to build them”.

“This information is key to our future botnet investigations and you can be assured that we will continue to take action against cyber criminals in order to protect our customers and services,” he added in a blog post.

The company said the case was closed, so it won’t be actively pursuing Kelihos’ criminal owners. The Kelihos botnet is no longer active, however.

Microsoft has been one of the most active anti-botnet forces in the IT industry. Last year, it also seized several command and control servers being used to run the Rustock malicious network, which was responsible for sending out billions of spam emails every day at its peak.

How well do you know Microsoft? Try our quiz and find out!