Microsoft clears group accused in Kelihos botnet ring
- By 1105 Media Staff
- Oct 28, 2011
Microsoft set a new precedent in September when, along with the Kyrus and Kaspersky security companies, it sued those thought to be behind several botnet rings after working to shut them down.
Now lawyers for the software giant have come to an out-of-court settlement with Czech Republic-based Dotfree Group and its owner over involvement in the Kelihos botnet ring.
After reviewing statements and documentation voluntarily presented by the free domain provider and its owner, Dominique Alexander Piatti, Microsoft found that the company was not directly involved in the "command and control structure for the Kelihos botnet."
"Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFREE Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet," wrote Richard Domingues Boscovich, senior attorney with Microsoft Digital Crimes Unit, in a blog post. "Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti's cz.cc domain."
While it has dismissed its case with Piatti and his company, the original suit filed against defendants John Doe 1 through 22, individuals connected with Internet domains and IP addresses that are believed to be part of the ring, still stands.
As part of the dismissal agreement, Piatti will transfer the addresses and domains of the remaining defendants to Microsoft and will work with Microsoft security experts to establish "best practices" for avoiding similar situations in its free domain hosting business.
"We're very pleased by the outcome for several reasons," wrote Boscovich. "First, this settlement allows us to move forward with our investigation to uncover the other people behind the botnet, listed in our court documents as John Does 1-22. Second, by gaining control of the subdomains, we are afforded an inside look at the Kelihos botnet, giving us the opportunity to learn which unique IP addresses are infected with the botnet's malware."
Between 42,000 and 45,000 computers were believed to be infected with the Kelihos botnet malware, and more than 4 billion spam e-mails were sent every day before Microsoft took action to shut it down. While Microsoft believes it has identified and removed the malware from a large portion of the affected users' machines, many users are still unaware of the harmful program's presence.
For those who believe their systems harbor the botnet, tools and information for removal can be found at http://support.microsoft.com.