On October 19, 2012, Microsoft Corporation announced that they have reached a settlement with Russian citizen Andrey N. Sabelnikov and have officially closed the book on the Kelihos Botnet and all legal actions related to the investigations made by Microsoft’s Digital Crimes Unit.
The Kelihos Botnet was the focus of an investigation by Microsoft and others first announced back in September 2011. Microsoft made public details regarding “Operation B79.” In a complaint filed by Microsoft, Dominique Alexander Piatti and the dotFREE Group SRO, along with twenty-two John Does.
In January of 2012, Microsoft amended their complaint to name Andrey N. Sabelnikov as a defendant, alleging that he was responsible for the Kelihos botnet. Earlier this month, Microsoft and Sabelnikov reached an agreement and released the following joint statement.
“Microsoft and St. Petersburg software programmer Andrey Sabelnikov have entered into a Settlement Agreement in the matter of Microsoft v. Sabelnikov. During the negotiations, after reviewing the evidence provided by Microsoft and engaging in discussions, the parties have come to an understanding that Mr. Sabelnikov wrote code that was used in the Kelihos botnet code, but the programmer is not the operator of the botnet or involved in its activities. After a review and understanding of all of the details of the case, the parties were able to enter into a confidential settlement agreement in this matter, which resolves the dispute between the parties.”
In a blog posting by Richard Domingues Boscovich, the Assistant General Counse, Microsoft Digital Crimes Unit, Mr. Boscovich also alluded to several side benefits that came out of the operation and the evidence gathered during the course of the investigation, including the architecture and build of botnets, and how malicious users can access them. This data will likely prove to be very useful in the ongoing defence of networks and systems, and will probably make future investigations bear fruit more quickly.
You can read more about the DCU’s actions in Operation B79 and the subsequent legal actions in the following three posts.