Botnet operator used to work for anti-virus company

After continued investigation into the alleged operators of the Kelihos botnets, Microsoft's Digital Crimes Unit has named a new defendant who it alleges used to work as a "software engineer and project manager at a company that provided firewall, antivirus and security software". This information appears in an amended complaint that Microsoft filed on 23 January with the US District Court for the Eastern District of Virginia.

Microsoft leaves open the question of which company the alleged botnet operator, named as Russian Andrey N. Sabelnikov, worked for. However, security researcher Brian Krebs points out that on his LinkedIn profile, Sabelnikov states that between 2005 and 2007 he worked as a senior system developer and project manager for Agnitum. Based in St. Petersburg, Russia, Agnitum is particularly known for its Outpost firewall and anti-virus software. According to Microsoft, Sabelnikov is currently employed as a freelancer for a company involved in software consulting and development.

Microsoft had earlier taken action against Dominique Alexander Piatti and the dotFREE Group for possibly being involved in the control or operation of the Kelihos botnet. That case was later settled, and the dotFREE group has since been helping Microsoft with its investigations; evidence provided by the group led to the new complaint and the naming of Sabelnikov.

The Kelihos botnet was shut down in September in a joint operation with Kyrus Tech Inc., Kaspersky Labs, Inc. and others. At that time, the botnet operator was controlling more than 40,000 infected computers. According to Microsoft, with that level of infrastructure, up to 3.8 billion spam mails could be sent each day.

See also:

• Microsoft settles botnet case with Czech dotFree group, a report from The H.

(ehe)