Microsoft names ex-antivirus employee as botnet 'suspect' Published duration 8 March 2012

image caption The Kelihos botnet controlled about 41,000 machines at its peak, Microsoft said

Microsoft said it suspects a former employee of an antivirus software firm was behind the Kelihos botnet attacks.

Russian citizen Andrey Sabelnikov "wrote and/or participated in creating" the harmful software which infected thousands of machines, Microsoft said.

Kelihos was used for sending out spam and spreading malware until it was "neutralised" in September 2011.

In a blog posting, the Microsoft's lead attorney warned that thousands of PCs remain infected with Kelihos' software.

The firm said that it had filed an amended complaint with the US District Court for the Eastern District of Virginia regarding the matter.

Richard Domingues Boscovich wrote : "Microsoft presented evidence to the court that Mr Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware.

"Further, the complaint alleges that he used the malware to control, operate, maintain and grow the Kelihos botnet.

"These allegations are based on evidence Microsoft investigators uncovered while analysing the Kelihos malware."

'Wrong route'

Mr Boscovich urged users who were worried that they might have been affected by the botnet to visit Microsoft's website for advice.

Microsoft said Mr Sabelnikov is currently working on a freelance basis with a software development and consulting firm.

Prior to this, Mr Sabelnikov is said to have worked as a software engineer and project manager at "a company that provided firewall, antivirus and security software".

Microsoft did not name the company - however Mr Sabelnikov's LinkedIn profile lists St Petersburg-based antivirus firm Agnitum among Mr Sabelnikov's former employers.

Agnitum's sales and marketing director Vitaliy Yanko told the BBC: "I have checked the info and may confirm that Andrey Sabelnikov worked at Agnitum from 2005 till 2008.

"Afterwards our ways parted. Seems that he chose the wrong route afterwards."

The BBC has sent a message to Mr Sabelnikov's LinkedIn account asking him to respond to the accusations.

Vulnerabilities

Botnets like Kelihos are created by the spread of malicious software, often via infected emails or web browser vulnerabilities.

Each "bot", as they are known, is a hijacked computer which can be used by hackers for any number of illegal activities.

Many botnet owners make money by utilising their botnets to send large amounts of spam email.

At Kelihos' peak, it was said to have been in control of 41,000 infected machines and able to send over 3.8 billion spam emails in a day.

In October last year, a Czech hosting company, Dotfree Group SRO, settled with Microsoft after it was found to be hosting domains responsible for Kelihos' distribution.

As part of the settlement, Dominique Alexander Piatti, the group's owner, agreed to delete or transfer all of the affected domains to Microsoft.