Microsoft Says Ex-Antivirus Maker Ran Botnet


Microsoft has identified a former antivirus software developer as the alleged operator of a botnet that at its peak commandeered 41,000 computers and distributed more than 3.8 billion spam messages a day.

Andrey N. Sabelnikov of St. Petersburg, Russia, was added to an amended complaint filed Monday with the U.S. District Court in Virginia, Microsoft lead lawyer Richard Domingues Boscovich said on the company's blog. The Redmond, Wash.-based software maker claims Sabelnikov operated the Kelihos botnet, which Microsoft, along with partners Kyrus and Kaspersky Labs, took down in September.

Microsoft gathered evidence on Sabelnikov with the cooperation of defendants named in the original complaint filed in September. As a result, Microsoft settled with Dominique Alexander Piatti and dotFREE Group SRO and dropped them from the complaint.

Microsoft alleges that Sabelnikov wrote the code for the Kelihos malware, which was used to control, operate, maintain and grow the Kelihos botnet. "These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware," Boscovich said.

According to the amended complaint, Sabelnikov works as a freelancer for a software development and consulting firm. Previously, the defendant worked as an engineer and product manager at a company that provided firewall, antivirus and security software. The BBC identified the company as St. Petersburg-based Agnitum, which told the British television network that Sabelnikov worked there from 2005 to 2008.

The Kelihos takedown was not the first time Microsoft took part in downing a botnet. The company last March participated in the destruction of the Rustock botnet, which security experts say cut by half the amount of spam spewing across the Internet the week after the takedown.