Microsoft has named a St Petersburg man who used to work for a security vendor as being responsible for the operations of the Kelihos botnet.
It reported the takedown of Kelihos in September, saying that it primarily sent out the MacDefender virus. Its continued investigation into the case led it to allege that Andrey Sabelnikov, a Russian citizen, is responsible for the operations of the Kelihos botnet.
Richard Boscovich, senior attorney at Microsoft Digital Crimes Unit, said: “Microsoft presented evidence to the court that Mr Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware.
“Further, the complaint alleges that he used the malware to control, operate, maintain and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analysing the Kelihos malware.
“Microsoft also alleges that Sabelnikov registered more than 3,700 ‘cz.cc' sub-domains from Dominique Alexander Piatti and dotFREE Group SRO, and misused them to operate and control the Kelihos botnet.”
Microsoft has previously settled and dismissed the case against Piatti and dotFREE Group.
It was also revealed that Sabelnikov worked as a software engineer and project manager at Russian anti-virus firm Agnitum, a provider of firewalls, anti-virus and security software.
According to security blogger Brian Krebs, Microsoft doesn't specify where Sabelnikov worked, but his LinkedIn page says he worked at the company from 2005 to 2007.
Krebs said Sabelnikov's alleged role was discovered after a security researcher obtained a copy of the source code to Kelihos, and noticed that it contained debug code that downloaded a Kelihos malware installer from the domain sabelnikov.net, a photography site registered in Sabelnikov's name. That site currently links to Sabelnikov's profile page at Russian social networking site Vkontakte.ru, which includes the same pictures found in his LinkedIn profile.
Despite the takedown, Boscovich said thousands of computers remain infected and that the case "is not over".