Application security, Malware

Accused Kelihos spam botmaster: It wasn’t me, Microsoft

The Russian man who Microsoft has accused of being the mastermind behind the Kelihos botnet has taken to his blog to deny the allegations.

"I did not commit this crime, [have] never participated in the management of botnets and any other similar programs and especially not extracted from it any benefit," Andrey Sabelnikov wrote Friday in a translated post on LiveJournal. The entry was directed to Microsoft and Kaspersky Labs, which also reportedly was involved in the takedown of Kelihos.

The 31-year-old, who works as a computer programmer, said he has returned to Russia from the United States, where he was temporarily working, to defend himself.

In an amended lawsuit, filed last week in the U.S. District Court in Alexandria, Va., Microsoft contends that Russian citizen Andrey Sabelnikov is responsible for operating the Kelihos botnet, a former 41,000-node network of zombie computers that was once capable of sending 3.8 billion spam emails per day.

Microsoft initially pursued legal action against Dominique Piatti and his domain name company, dotFREE Group SRO. But after reviewing evidence, Microsoft determined that neither Piatti or his business were responsible for controlling the subdomains that were used to host Kelihos. In exchange for dismissing the complaint, Piatti agreed to "delete or transfer" any subdomains that were connected to Kelihos.

Piatti also cooperated, and new evidence emerged, which led to the accusations against Sabelnikov, according to Microsoft. In its 21-page complaint, the company alleges Sabelnikov authored the code that was used in the Kelihos malware. In addition, he used the malware to control, operate and expand the botnet, Microsoft alleges.

Microsoft asked the court for damages and an injunction against Sabelnikov.

Sabelnikov formerly worked at St. Petersburg, Russia-based anti-virus firm, Agnitum, from 2005 to 2008, Vitaliy Yanko, director of sales and marketing at Agnitum, told SCMagazine.com.

Afterward, he held jobs at other software firms, according to reports.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.