Microsoft Dismisses Lawsuit Against Firm in Kelihos Botnet Case

Microsoft has dismissed a lawsuit against a company it contended a month ago was at the heart of the now-defunct Kelihos botnet.

In September, Microsoft named Dominique Piatti and his company dotFree Group SRO as controllers of the botnet. The move marked the first time Microsoft had named a defendant in one of its botnet-related civil suits.

“Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFREE Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet,” blogged Richard Domingues Boscovich, Senior Attorney for Microsoft’s Digital Crimes Unit. “Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti’s cz.cc domain.”

As part of the settlement, Piatti agreed either to delete all the subdomains used to operate the Kelihos botnet or for other illegitimate purposes, or to transfer those subdomains to Microsoft. In addition, Piatti and dotFree Group will work with Microsoft to implement best practices to prevent abuse of free subdomains and use these best practices to establish a secure free Top Level Domain as they expand their business going forward.

Kelihos is just the latest botnet Microsoft has sought to take down through litigation. In 2010, the company targeted Waledac. Prior to the takedown, Microsoft estimated that Waledac infected hundreds of thousands of PCs, and had the ability to blast out more than 1.5 billion spam email messages per day. Between Dec. 3, 2009, and Dec. 21, 2009, the botnet was responsible for roughly 651 million spam messages hitting Hotmail accounts alone, according to the company.

With regard to Kelihos, Boscovich said Microsoft is continuing its legal fight against the 22 “John Does” listed as co-defendants in the lawsuit. The settlement, he noted, allows Microsoft to move forward with its investigation to uncover the other defendants and gives the company the opportunity to learn which unique IP addresses are infected with the botnet’s malware.

“As a provider of free service we were always concerned by the potential for abuse, and learned (sometimes the hard way) that security should never be underestimated,” dotFree said in a statement posted online. “No one wants to be handed a thick binder by a stranger at your nearby coffee shop saying "Microsoft is suing you"! Moving forward, we are pleased that Microsoft will continue working with dotFree and help us develop best practices for free domains and our .free Top Level Domain.”