Microsoft shuts down Kelihos botnet; names defendant

Microsoft has participated in the shutdown of yet another botnet operation, several months after it went after the massive Rustock botnet. In a post on Microsoft's official blog site, the company announced that it has taken down the Kelihos botnet under the code name "Operation b79". While Microsoft admits that the Kelihos botnet is not as large as the Rustock botnet, there is a big difference this time: it has named a person as a defendant in this case.

According to the blog site, "Microsoft alleges that Dominique Alexander Piatti, dotFREE Group SRO and John Does 1-22 of owning a domain cz.cc and using cz.cc to register other subdomains such as lewgdooi.cz.cc used to operate and control the Kelihos botnet. Our investigation showed that while some of the defendant’s subdomains may be legitimate, many were being used for questionable purposes with links to a variety of disreputable online activities." Piatti, of the Czech Republic, was served with a lawsuit on Monday and Microsoft says it "began discussions with Mr. Piatti to determine which of his subdomains were being used for legitimate business, so we could get those customers back online as soon as possible."

Microsoft says that the Kelihos botnet infected a number of Internet-connected PCs and used the malware programs to take over the "zombie" computers. The botnet was used for a number of activities which included "sending out billions of spam messages, harvesting users’ personal information (such as e-mails and passwords), fraudulent stock scams and, in some instances, websites promoting the sexual exploitation of children." Microsoft said that about 41,000 PCs were infected and made part of the botnet.

Actually naming a defendant in this case is a big win, according to Microsoft. It states, "Naming these defendants also helps expose how cybercrime is enabled when domain providers and other cyber infrastructure providers fail to know their customers. Without a domain infrastructure like the one allegedly hosted by Mr. Piatti and his company, botnet operators and other purveyors of scams and malware would find it much harder to operate anonymously and out of sight. By taking down the botnet infrastructure, we hope that this will help deter and raise the cost of committing cybercrime."

8 Comments

Ricky65 said,
Well done MS but this is just a drop in the ocean.

At least they're putting an effort into it and it's not just a drop in the ocean, they actually reduced spam significantly.
Where's the "Do No Evil" and everybody's friend Google in this?

Every time Microsoft does this the amount of spam messages in my inbox reduces.... I used to get 15 spam emails every day but now I get 1 or 2 every couple of days. Thanks to Microsoft for bringing down the spam botnet last year....Luckily I use Gmail so spam never reaches my inbox.

still1 said,
Every time Microsoft does this the amount of spam messages in my inbox reduces.... I used to get 15 spam emails every day but now I get 1 or 2 every couple of days. Thanks to Microsoft for bringing down the spam botnet last year....Luckily I use Gmail so spam never reaches my inbox.

You are so right about this. After they took down the last botnet I swear my Hotmail got so much less junk in it. Nowadays I get 1-2 a week.

Microsoft is doing some really cool stuff, that'll benefit all the general public, and even their opponents.

FMH said,
Microsoft is doing some really cool stuff, that'll benefit all the general public, and even their opponents.

Benefit to the public? Where is the public going to get its cheap Viagra from!