Microsoft names ex-antivirus worker as Kelihos botnet suspect

Microsoft names new Kelihos botnet suspect, a former antivirus worker.

Botnet Chart (credit Tom B / Wikimedia)
Ludovic R (Privacy Canada)

Microsoft revealed this week that it suspects a former computer security employee is responsible for the Kelihos botnet, which used to send over 3.8 billion spam emails a day. Andrey Sabelnikov — a 31-year-old Russian — has been named as a new defendant in an amended complaint with a US District Court. Microsoft presented evidence on Monday that Sabelnikov "wrote the code for and either created, or participated in creating, the Kelihos malware."

Kelihos was a network of compromised computers controlled by "bot herders" or "bot masters," who used the machines to distribute spyware, send spam emails, and launch attacks on web properties. Microsoft alleges that Sabelnikov used malware to control and operate Kelihos, a botnet that the company neutralized in September. BBC News reports that Sabelnikov is said to have worked at Russian antivirus firm Agnitum between 2005 and 2008. There's no indication that his former employer, or his prior training, was involved in the Kelihos botnet. However, the situation is unusual, and Graham Cluley, a senior technology consultant at Sophos, said to us in a statement that he believes there "are very few known examples of people who have worked for both sides of the anti-virus business."

Microsoft says the botnet is inactive, but that the case is not over. The company remains committed to its future work with botnet takedowns in the meantime.