Microsoft has participated in the shutdown of yet another botnet operation, several months after it went after the massive Rustock botnet. In a post on Microsoft's official blog site, the company announced that it has taken down the Kelihos botnet under the code name "Operation b79". While Microsoft admits that the Kelihos botnet is not as large as the Rustock botnet, there is a big difference this time: it has named a person as a defendant in the case.
According to the blog site, "Microsoft alleges that Dominique Alexander Piatti, dotFREE Group SRO and John Does 1-22 of owning a domain cz.cc and using cz.cc to register other subdomains such as lewgdooi.cz.cc used to operate and control the Kelihos botnet. Our investigation showed that while some of the defendant’s subdomains may be legitimate, many were being used for questionable purposes with links to a variety of disreputable online activities." Piatti, of the Czech Republic, was served with a lawsuit on Monday and Microsoft says it "began discussions with Mr. Piatti to determine which of his subdomains were being used for legitimate business, so we could get those customers back online as soon as possible."
Microsoft says that the Kelihos botnet infected a number of Internet-connected PCs with malware and used those programs to take over the "zombie" computers. The botnet was used for a number of activities, which included "sending out billions of spam messages, harvesting users’ personal information (such as e-mails and passwords), fraudulent stock scams and, in some instances, websites promoting the sexual exploitation of children." Microsoft said that about 41,000 PCs were infected and made part of the botnet.
Actually naming a defendant in this case is a big win, according to Microsoft. It states, "Naming these defendants also helps expose how cybercrime is enabled when domain providers and other cyber infrastructure providers fail to know their customers. Without a domain infrastructure like the one allegedly hosted by Mr. Piatti and his company, botnet operators and other purveyors of scams and malware would find it much harder to operate anonymously and out of sight. By taking down the botnet infrastructure, we hope that this will help deter and raise the cost of committing cybercrime."