Kelihos Defendant Settles, Bringing the End to the Story

On October 19, 2012, Microsoft Corporation announced that they have reached a settlement with Russian citizen Andrey N. Sabelnikov and have officially closed the book on the Kelihos Botnet and all legal actions related to the investigations made by Microsoft’s Digital Crimes Unit.

The Kelihos Botnet was the focus of an investigation by Microsoft and others first announced back in September 2011. Microsoft made public details regarding “Operation B79.” In a complaint filed by Microsoft, Dominique Alexander Piatti and the dotFREE Group SRO, along with twenty-two John Does.

In January of 2012, Microsoft amended their complaint to name Andrey N. Sabelnikov as a defendant, alleging that he was responsible for the Kelihos botnet. Earlier this month, Microsoft and Sabelnikov reached an agreement and released the following joint statement.

“Microsoft and St. Petersburg software programmer Andrey Sabelnikov have entered into a Settlement Agreement in the matter of Microsoft v. Sabelnikov. During the negotiations, after reviewing the evidence provided by Microsoft and engaging in discussions, the parties have come to an understanding that Mr. Sabelnikov wrote code that was used in the Kelihos botnet code, but the programmer is not the operator of the botnet or involved in its activities. After a review and understanding of all of the details of the case, the parties were able to enter into a confidential settlement agreement in this matter, which resolves the dispute between the parties.”

In a blog posting by Richard Domingues Boscovich, the Assistant General Counse, Microsoft Digital Crimes Unit, Mr. Boscovich also alluded to several side benefits that came out of the operation and the evidence gathered during the course of the investigation, including the architecture and build of botnets, and how malicious users can access them. This data will likely prove to be very useful in the ongoing defence of networks and systems, and will probably make future investigations bear fruit more quickly.

You can read more about the DCU’s actions in Operation B79 and the subsequent legal actions in the following three posts.

Microsoft Neutralizes Kelihos Botnet, Names Defendant in Case

Microsoft Names New Defendant in Kelihos Case

Microsoft Reaches Settlement with Second Kelihos Defendant

Written by Casper Manes

I currently work as a Senior Messaging Consultant for one of the premier consulting firms in the world, I cut my teeth on Exchange 5.0, and have worked with every version of Microsoft’s awesome email package since then, as well as MHS, Sendmail, and MailEnable systems. I've written dozens of articles on behalf of my past employers, their partners, and others, and I finally decided to embrace blogging and social media, so please follow me on Twitter @caspermanes if you enjoy my posts.


  1. Richard Ramirez · October 24, 2012

    “confidential settlement agreement” – we paid him hush money, or we used his expertise for our own purposes, or we got the botnet code from him? These so called “confidential” agreements suggest only one thing – there is something dirty to hide. I wonder what it is in this case?

  2. Davinci · November 2, 2012

    This is victory for all of us, for those who have been tirelessly complaining and doing everything that we can in order to reduce or get rid of spam messages forever. What I find disconcerting, however, is the settlement. Isn’t he going to jail? I think that’s one of the best ways to scare off spammers as well as phishers. We really need very strong laws and implementation when it comes to fighting off spam, and I implore Microsoft and other big companies to never enter into any settlement and take the case all the way through.

Leave A Reply