Microsoft today announced that they reached a settlement in the Kelihos case with defendants Dominique Alexander Piatti and his company, dotFREE Group SRO, and will be dismissing the lawsuit against them pursuant to the agreement.
However, the "case for the remaining John Does remains open, as Microsoft continues our investigation to hold those responsible for the Kelihos botnet," said Richard Domingues Boscovich, Senior Attorney, Microsoft Digital Crimes Unit.
Microsoft and its partners, Kyrus and Kaspersky, took down the "Kelihos botnet" in an operation codenamed "Operation b79" on September 28. And, for the first time, Microsoft took the step of naming specific defendants in a civil case involving a botnet. In the legal case supporting the Kelihos takedown, Microsoft sued defendants Dominique Alexander Piatti, dotFree Group S.R.O. and John Does 1 through 22 associated with the IP addresses and Internet domains alleged to be involved in the command and control structure for the Kelihos botnet.
Boscovich writes, "As part of the settlement, Mr. Piatti has agreed to delete or transfer all the subdomains used to either operate the Kelihos botnet, or used for other illegitimate purposes, to Microsoft."
"Additionally, Mr. Piatti and dotFREE Group have agreed to work with us to create and implement best practices to prevent abuse of free subdomains and, ultimately, apply these same best practices to establish a secure free Top Level Domain as they expand their business going forward. Mr. Piatti and dotFree Group will continue to work with Microsoft to become a role model for the free domain industry, establishing industry best practices in the subdomain space," noted Boscovich.
"We're very pleased by the outcome for several reasons, said Boscovich, "First, this settlement allows us to move forward with our investigation to uncover the other people behind the botnet, listed in our court documents as John Does 1-22." And, "Second, by gaining control of the subdomains, we are afforded an inside look at the Kelihos botnet, giving us the opportunity to learn which unique IP addresses are infected with the botnet's malware."
Here is the full Kelihos botnet voluntary dismissal, file-stamped: