Security Experts:

Microsoft Settles With Programmer In Kelihos Botnet Case

On Friday, Microsoft announced that it has reached a settlement with Andrey N. Sabelnikov, a Russian software programmer, after naming him in the lawsuit surrounding the takedown of the Kelihos botnet. Friday’s announcement marked the close of the Kelihos case, which was initiated earlier this year, after last September’s takedown actions against the botnet itself.

On March 21, 2012, Dell SecureWorks, along with Kaspersky Lab, CrowdStrike, and the Honeynet Project, teamed-up in order to disrupt the operations of the Waledac / Kelihos botnet.

The efforts in March were due to the emergence of a second variant after September’s takedown. One week after the takedown, its controllers developed a third variant (Kelihos.C) and resumed operations. Version C had about 118,000 endpoints. While this doesn’t seem like much, these numbers represented millions of spam messages, and far too many opportunities to spread the bot’s influence after establishing itself in the U.S., Poland, and Turkey.

The second round of takedowns were successful, as computers infected with Kelihos.B are no longer able to communicate with neither Kelihos.C bots nor the command and control (C&C) infrastructure. Moreover, previously infected systems cannot be re-infected through an existing Fifesock worm infection. 

The terms of the settlement were not disclosed. However, Richard Boscovich, Assistant General Counsel for the Microsoft Digital Crimes Unit, published the following joint statement with Sabelnikov: 

“Microsoft and St. Petersburg software programmer Andrey Sabelnikov have entered into a Settlement Agreement in the matter of Microsoft v. Sabelnikov. During the negotiations, after reviewing the evidence provided by Microsoft and engaging in discussions, the parties have come to an understanding that Mr. Sabelnikov wrote code that was used in the Kelihos botnet code, but the programmer is not the operator of the botnet or involved in its activities. After a review and understanding of all of the details of the case, the parties were able to enter into a confidential settlement agreement in this matter, which resolves the dispute between the parties.”

It was also disclosed that identifying Sabelnikov alongside the other evidence collected during the case allowed Microsoft to better understand how botnets were developed and used, which will help similar investigations in the future. Silent Circle goes live – offers military encryption for smartphones

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.