Microsoft names ex-antivirus employee as botnet 'suspect'

Image caption: The Kelihos botnet controlled about 41,000 machines at its peak, Microsoft said

Microsoft said it suspects a former employee of an antivirus software firm was behind the Kelihos botnet attacks.

Russian citizen Andrey Sabelnikov "wrote and/or participated in creating" the harmful software which infected thousands of machines, Microsoft said.

Kelihos was used for sending out spam and spreading malware until it was "neutralised" in September 2011.

In a blog post, Microsoft's lead attorney warned that thousands of PCs remain infected with Kelihos' software.

The firm said that it had filed an amended complaint with the US District Court for the Eastern District of Virginia regarding the matter.

Richard Domingues Boscovich wrote: "Microsoft presented evidence to the court that Mr Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware.

"Further, the complaint alleges that he used the malware to control, operate, maintain and grow the Kelihos botnet.

"These allegations are based on evidence Microsoft investigators uncovered while analysing the Kelihos malware."

'Wrong route'

Mr Boscovich urged users who were worried that they might have been affected by the botnet to visit Microsoft's website for advice.

Microsoft said Mr Sabelnikov is currently working on a freelance basis with a software development and consulting firm.

Prior to this, Mr Sabelnikov is said to have worked as a software engineer and project manager at "a company that provided firewall, antivirus and security software".

Microsoft did not name the company; however, Mr Sabelnikov's LinkedIn profile lists St Petersburg-based antivirus firm Agnitum among his former employers.

Agnitum's sales and marketing director Vitaliy Yanko told the BBC: "I have checked the info and may confirm that Andrey Sabelnikov worked at Agnitum from 2005 till 2008.

"Afterwards our ways parted. Seems that he chose the wrong route afterwards."

The BBC has sent a message to Mr Sabelnikov's LinkedIn account asking him to respond to the accusations.

Vulnerabilities

Botnets like Kelihos are created by the spread of malicious software, often via infected emails or web browser vulnerabilities.

Each "bot", as they are known, is a hijacked computer which can be used by hackers for any number of illegal activities.

Many botnet owners make money by utilising their botnets to send large amounts of spam email.

At Kelihos' peak, it was said to have been in control of 41,000 infected machines and able to send over 3.8 billion spam emails in a day.

In October last year, a Czech hosting company, Dotfree Group SRO, settled with Microsoft after it was found to be hosting domains responsible for Kelihos' distribution.

As part of the settlement, Dominique Alexander Piatti, the group's owner, agreed to delete or transfer all of the affected domains to Microsoft.

He vowed to work closely with the company to prevent future abuse.

BBC © 2014