Microsoft closes the book on Kelihos

Microsoft has closed the case on Kelihos after reaching a confidential settlement with a programmer it believed was responsible for the botnet.

According to the company, it has reached a confidential settlement with Russian programmer Andrey Sabelnikov, which effectively closes the case.

Richard Boscovich, assistant general counsel for Microsoft's digital crimes unit, announced that Sabelnikov was "not the operator of the botnet or involved in its activities", although he did write code for the large network of compromised PCs.

Microsoft reported the takedown of Kelihos in September 2011, saying that it primarily sent out the MacDefender virus. In January, Boscovich named Sabelnikov as the writer of the code and said he was responsible for either creating, or participating in creating, the Kelihos malware.

A few days later, Sabelnikov protested his innocence. In a statement, he said: “I am a programmer with nine years' experience, graduated from St. Petersburg State University of Aerospace Instrumentation in 2003, [and have worked] in highly respected Russian and international IT companies.

“I did not commit this crime, have never participated in the management of botnets or any other similar programs, and especially not extracted from it any benefit.”

In March, a quartet of companies including Kaspersky Lab and Dell SecureWorks took down Kelihos.B, which they said was almost triple the size of the first incarnation and had been built using the same coding as the original botnet.

Last October, Microsoft dismissed its case against another defendant, Dominique Piatti, and his company, dotFREE Group SRO, after a settlement was reached. As part of the terms of that settlement, Piatti agreed to delete or transfer subdomains connected to the Kelihos botnet, which led Microsoft to uncover additional evidence that prompted action against Sabelnikov.

“Today, I am pleased to say we have reached an agreement with Mr. Sabelnikov and have officially settled and closed the Kelihos botnet case,” Boscovich wrote.
