Microsoft says botnet chief was former antivirus vendor employee
Microsoft spent a good deal of time dismantling the Kelihos botnet last year, making it the first takedown where it was able to name actual defendants behind it. On Monday it made the surprising announcement that its latest defendant, Andrey N. Sabelnikov, had previously worked for an antivirus software vendor.
According to information on the Web, Sabelnikov worked for two Russian security vendors: Agnitum, a firm that produces firewall and antivirus software for PCs, from September 2005 to November 2008, and Returnil from November 2008 to December 2011.
Sabelnikov is alleged to be the central figure behind the botnet. While no longer employed by either company, the information gleaned from his employment likely contributed to the development of Kelihos. From the dates it's also quite likely he was developing Kelihos -- which spreads by getting users to download faked antivirus -- while working on legitimate antivirus software.
"In today’s complaint, Microsoft presented evidence to the court that Mr. Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware", says a company statement. "Further, the complaint alleges that he used the malware to control, operate, maintain and grow the Kelihos botnet".
The Redmond, Wash.-based company has already settled with Dominique Alexander Piatti and dotFREE Group, and says their cooperation in the case gave them the information necessary to go after Sabelnikov. It is not clear whether he has been apprehended by Russian authorities as a result of the investigation.
Microsoft's complaint was filed with the US District Court for the Eastern District of Virginia.