Microsoft this week provided an update to its ongoing investigation of the Kelihos botnet case and now alleges that a Russian citizen is responsible for the creation and operation of the botnet. The news comes on the heels of the October 2011 takedown of the botnet, which Microsoft says had harmed thousands of victims worldwide.
"Microsoft alleges that Andrey N. Sabelnikov, a citizen of Russia, wrote the code for and either created or participated in creating the Kelihos malware," a Microsoft representative told me late Monday night. "Additionally, the company alleges that he used the malware to control, operate, maintain, and grow the Kelihos botnet."
Microsoft named this new defendant in an amendment to its civil lawsuit against those responsible for the botnet. He joins more than 20 other defendants in the case, though Mr. Sabelnikov has now been identified as the key player in the creation of the botnet. The accusation against Mr. Sabelnikov came about thanks to the cooperation of some previous defendants and new evidence, Microsoft says.
"The complaint further alleges that [Mr. Sabelnikov] used the malware to control, operate, maintain, and grow the Kelihos botnet," a Microsoft blog post notes. "These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware. Microsoft also alleges that Mr. Sabelnikov registered more than 3,700 'cz.cc' subdomains from [the previous defendants] Mr. Piatti and dotFREE Group SRO, and misused those subdomains to operate and control the Kelihos botnet."
All of Microsoft's legal filings and evidence in the Kelihos botnet case can be found on the web (in PDF format). Microsoft's amended complaint is also available (also in PDF format).
As others have noted, the amended complaint reveals that Mr. Sabelnikov actually worked for an unidentified "firewall, antivirus, and security software" firm previously. How's that for a bit of pseudo-irony?