Microsoft Alleges Andrey N. Sabelnikov Responsible for Kelihos Botnet Operations


Microsoft's Digital Crimes Unit, in an amended complaint filed today in the Kelihos botnet takedown case with the U.S. District Court for the Eastern District of Virginia, alleges that Andrey N. Sabelnikov, a citizen of Russia, is responsible for the operations of the Kelihos botnet, reports Richard Domingues Boscovich, Senior Attorney, MDCU.

The Kelihos botnet was taken down by Microsoft with Kyrus Inc. and Kaspersky Labs in September last year. Although the Kelihos botnet has remained inactive since its takedown in September, thousands of computers are still infected with its malware.

Boscovich writes, "In today's complaint, Microsoft presented evidence to the court that Mr. Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware."

Further, the complaint "alleges that he used the malware to control, operate, maintain and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware."

Microsoft also alleges that Mr. Sabelnikov registered more than 3,700 "cz.cc" subdomains from Mr. Piatti and dotFREE Group SRO, and misused those subdomains to operate and control the Kelihos botnet.

Sabelnikov is not the first to be named as a defendant in this case, which has already served as the legal foundation for the successful disruption of a global botnet harming thousands of victims worldwide. In the original complaint filed in September, Microsoft alleged that Dominique Alexander Piatti, dotFREE Group SRO and John Does 1-22 owned the domain cz.cc and used it to register subdomains, such as lewgdooi.cz.cc, that were used to operate and control the Kelihos botnet.

On Oct. 26, we successfully settled with defendants Dominique Alexander Piatti and dotFREE Group, allowing us to dismiss the case against them.

Here is the copy of the amended complaint filed today: