In September, Microsoft announced that it had helped to shut down the Kelihos botnet, an infected network of 41,000 PCs that in the past send out billions of spam email messages, among other things. In January, Microsoft named Russian-based Andrey N. Sabelnikov as a defendant in its lawsuit against the botnet. Sabelnikov has since declared his innocence.
But was all that work for nothing? PCWorld.com reports that the Kelihos botnet seems to be back in operation. The reason is that all of the PCs in the botnet are still infected with the code created by the people behind it. While Microsoft and others shut down the botnet by forcing the infected PCs to communicate with a PC they controlled, it appears that the networks creators have devised a way to regain control of the botnet.
According to Ram Herkanaidu, a security researcher and education manager for Kaspersky Lab, "We could have issued an update to those machines to clean them up, but in several countries that would be illegal".
For its part, Microsoft said in a statement it is working with Kaspersky Lab to monitor the botnet's activities. There's no word on what new actions Microsoft might take to bring down the botnet once and for all.