Four months after dismantling the nasty Kelihos botnet, Microsoft says it has tracked down the central figure behind it– naming Russian citizen Andrey N. Sabelnikov as a new defendant in its civil case over the botnet.
Microsoft announced the news in a blog post. The company alleges that Sabelnikov wrote the code for the Kelihos malware and was responsible for the operation of the botnet, which did everything from distributing spam to stealing financial information and orchestrating stock scams.
Here’s the kicker: Prior to his current employment as a freelancer for a software development and consulting firm, Sabelnikov “worked as a software engineer and project manager at a company that provided firewall, antivirus and security software,” according to Microsoft’s newly amended lawsuit.
That would be ironic, but not surprising, given the wealth of information Sabelnikov would have gleaned in such a job. One tactic allegedly used by the Kelihos operators was distributing fake antivirus software.
The legal documents don’t identify the antivirus and firewall company where Sabelnikov worked, or the consulting firm where he now freelances. However, the suit say he has a computer programming degree from the St. Petersburg State University of Aerospace Instrument Engineering.
Microsoft previously settled with the original defendants in the case, Dominique Alexander Piatti and dotFREE Group, who owned domains allegedly used to control the botnet. The company says it was able to identify Sabelnikov as the alleged operator thanks to their cooperation, as well as new evidence.
The company says Kelihos remains inactive, but thousands of computers are still infected. The company directs PC users to this site for more information and tools for cleaning the malware from a PC.