Microsoft Names Developer Behind The Kelihos Spam Botnet

Microsoft has officially named a former employee of a Russian antivirus software firm as the suspect behind the Kelihos botnet attacks. The man was identified as Andrey Sabelnikov of St Petersburg, in a Microsoft legal filing.

According to Microsoft, Sabelnikov was the creator of the Kelihos botnet and that he used the software to control, operate, maintain and grow the Kelihos botnet by, among other things, infecting innocent users’ computers.

Former Cyber Security Staffer

The “defendant currently works on a freelance basis for a software development and consulting firm”, wrote Microsoft in its legal filing, and pointed out that he used to work for an anti-virus firm.

“Prior to his current employment, defendant worked as a software engineer and project manager at a company that provided firewall, antivirus and security software. Defendant has a degree from the Department of Computer Systems and Programming, St Petersburg State University of Aerospace Instrument Engineering,” the filing claimed.

Microsoft has also previously alleged that Dominique Alexander Piatti and his company DotFree Group SRO, along with 22 John Does (unknown persons), are also behind the botnet, which Microsoft closed down in September last year.

Richard Boscovich, senior attorney for Microsoft’s Digital Crimes Unit, explained in a blog post that it had reached a settlement with Piatti and DotFree in October and that, thanks to their co-operation and new evidence, the finger of blame had been firmly pointed at Sabelnikov.

“Microsoft is committed to following the evidence, wherever it leads us through the investigation, in order to hold Kelihos’ operators accountable for their actions. We believe this is important both because of the harm caused by Kelihos and because all botnet operators should understand that there are risks and consequences for engaging in malicious activity,” Boscovich wrote.

“We also remain committed to taking what we learn from takedown operations such as these to help better arm the ‘good guys’ in protecting people from the threat,” he added.

Russian Pressure

The public naming and shaming of a Russian Federation citizen comes at a time when many technology firms are hoping to pressure the Russian authorities to tackle their homegrown cybercriminals.

Earlier this month, for example, Facebook published the names of five Russian men it believed are part of the Koobface gang, whose malware has made the group millions of pounds. The company hoped that the public exposure will force the Russian authorities to investigate the group members who live a comfortable lifestyle in St Petersburg and have been known to Facebook since 2008.

And it seems that some Russian action is being taken. Russian investigators for example who are probing a fake pharmaceutical spam operation, recently said that clues and details about the Cutwail botnet and its creator had been discovered in chat logs. Whether this signals a committed Russian intent to clamp down on cyber crime remains to be seen.

Meanwhile, spam levels have been on the slide for a while now. Just before Christmas security researchers warned that criminals are not replacing botnets but are instead turning to more targeted attacks.