Alleged Kelihos botnet creator named by Microsoft

LONDON (01/24/2012) – Microsoft has named a Russian man as the alleged creator of Kelihos, a spammy botnet that abused the company’s Hotmail service until the botnet was shut down last September.

In a legal filing on Monday (PDF), Microsoft identified the man as Andrey N. Sabelnikov of St. Petersburg, adding that he freelances for a software development company and, ironically, formerly worked as a software engineer for a computer security software company.

The public naming by Microsoft could put further pressure on Russia to investigate alleged cybercriminals, as other companies appear to be losing patience with the lack of action on cybercriminal activity traced to the country.

Earlier this month, a computer security researcher, Facebook and the security company Sophos accused five men also based in St. Petersburg of creating Koobface, a social networking worm dating from 2008. The FBI has an active investigation, but no arrests have been made in Russia.

Sabelnikov was not named in the original civil suit in the Kelihos case that Microsoft filed in the U.S. District Court for the Eastern District of Virginia.

That suit named Dominique Alexander Piatti and his company dotFREE Group SRO, along with 22 “John Does,” or unidentified defendants. Piatti’s company operated a domain registration service in the .cz.cc name space, which was abused by the botnet’s operators to set up hosts for their control infrastructure. In October, Microsoft settled with Piatti after finding his company was not collaborating with the Kelihos operators.

Richard Boscovich, senior attorney for Microsoft’s Digital Crimes Unit, wrote on Monday that due to “new evidence” and cooperation by dotFREE, “we have named a new defendant to the civil lawsuit we believe to be the operator of the Kelihos botnet.”

The botnet is no longer functional, but Boscovich wrote that thousands of computers are still infected with it. He wrote that the case “is not over.”

Although Microsoft’s case is a civil one that seeks monetary damages, the conduct alleged against Sabelnikov would also violate U.S. computer crime laws. But there is no precedent for extraditing criminal defendants from Russia: Article 61 of the country’s constitution prohibits a Russian citizen from being extradited to another state.
