Microsoft on Wednesday announced that it has successfully taken down the Kelihos botnet. This is the third time the software giant has taken down a botnet in the past two years, and although Kelihos isn't as large as its predecessors, Waledac and Rustock, this one comes with a twist: It's the first time Microsoft has named a defendant in a botnet civil case.
In its complaint, Microsoft accuses Dominique Alexander Piatti, dotFREE Group SRO, and 22 "John Does" of owning and operating web domains that were used to control the Kelihos botnet. This botnet infected 41,000 computers around the world and was capable of sending 3.8 billion spam messages per day.
"Naming a defendant in this case marks a big step forward for Microsoft in making good on its commitment to deterring cybercrime," a Microsoft representative told me. "Naming this defendant also helps expose how cybercrime is enabled when domain providers and other cyber infrastructure providers turn a blind eye to criminal activity."
In a blog post describing the action, Microsoft senior attorney Richard Boscovich said that the company took down Kelihos using legal and technical measures similar to those used against previous botnets. Microsoft code-named these actions "Operation b79."
"Our investigation showed that while some of the defendant’s subdomains may be legitimate, many were being used for questionable purposes with links to a variety of disreputable online activities," Boscovich writes. "For instance, our investigation revealed that in addition to hosting Kelihos, defendants' ... domain has previously been investigated for hosting subdomains responsible for delivering MacDefender, a type of scareware that infects Apple's operating system."
Boscovich also claims that the botnet owners engaged in various illegal activities, "including sending out billions of spam messages, harvesting users' personal information (such as emails and passwords), fraudulent stock scams, and, in some instances, websites promoting the sexual exploitation of children."