Microsoft Settles With Kelihos Botnet Defendant, Says He Didn't Run the Network

Type threatpost
Reporter Dennis Fisher
Modified 2013-04-17T16:31:21


Microsoft on Friday said it has reached a settlement with a Russian programmer it had named as a defendant in a lawsuit over the operation of the notorious Kelihos botnet. The company said it no longer believes Andrey N. Sabelnikov operated the botnet; instead, it says he wrote some code that was later used in it.

This is a departure from the company’s earlier statements, which painted Sabelnikov as someone “responsible for the operations of the Kelihos botnet.” After working with researchers at Kaspersky Lab and other organizations to take down the Kelihos botnet in the autumn of 2011, Microsoft amended its original complaint to add Sabelnikov as a defendant. In the amended complaint, filed in U.S. District Court in January, the company alleged that Sabelnikov not only wrote some of the Kelihos code but also helped run the botnet.

“In today’s complaint, Microsoft presented evidence to the court that Mr. Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware. Further, the complaint alleges that he used the malware to control, operate, maintain and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware. Microsoft also alleges that Mr. Sabelnikov registered more than 3,700 ‘’ subdomains from Mr. Piatti and dotFREE Group SRO, and misused those subdomains to operate and control the Kelihos botnet,” Richard Boscovich, a senior staff attorney in the Microsoft Digital Crimes Unit, wrote in a blog post at the time.

Now, Microsoft is taking a somewhat different tack. Rather than accusing Sabelnikov of running the Kelihos botnet, the company released a statement saying only that he wrote some of the malware’s code. On that basis, the company and the programmer reached a confidential out-of-court settlement, the terms of which were not disclosed.

“Microsoft and St. Petersburg software programmer Andrey Sabelnikov have entered into a Settlement Agreement in the matter of Microsoft v. Sabelnikov. During the negotiations, after reviewing the evidence provided by Microsoft and engaging in discussions, the parties have come to an understanding that Mr. Sabelnikov wrote code that was used in the Kelihos botnet code, but the programmer is not the operator of the botnet or involved in its activities. After a review and understanding of all of the details of the case, the parties were able to enter into a confidential settlement agreement in this matter, which resolves the dispute between the parties,” Boscovich wrote on Friday.

Microsoft has been quite aggressive in its efforts to disrupt and take down botnets over the last couple of years, using both technical and legal tactics to knock the networks offline. The company has gone after several different botnets, with varying degrees of fervor and success, but the Kelihos case was the first in which Microsoft named an individual as a defendant in one of its legal complaints. Until then it had focused on hosting providers and other corporate entities allegedly involved in botnet operations.