Microsoft kills botnet, names mastermind

By on
Microsoft kills botnet, names mastermind

41,000 computers freed in botnet take-down.

Microsoft has destroyed he Kelihos botnet which controlled 41,000 infected computers.

Kelihos was capable of sending 3.8 billion spam emails per day, according to Microsoft's digital crimes unit senior attorney Richard Boscovich.

The botnet was used to steal personal information and promote content including counterfeit drugs, stock scams, and child pornography websites.

Microsoft received authorisation from a US district court to kill 21 botnet command-and-control domain servers in a takedown dubbed Operation b79.

That move freed compromised machines from botnet control.

Microsoft alleges that Dominique Alexander Piatti, believed to be living in the Czech Republic, controlled the botnet.

It was the first time Microsoft had named a defendant in a civil case involving a botnet.

Microsoft complaint filed last week named 22 anonymous co-defendants and Piatti's Czech-based domain name company dotFREE Group SRO.

Microsoft alleges that Piatti and the other defendants own the top-level internet domain cz.cc, and used it to register subdomains that were used to operate and control the botnet.

Beyond hosting Kelihos, cz.cc also hosted subdomains used to deliver malware, including MacDefender, a type of scareware that targets Apple's operating system, Microsoft contended.

Boscovich said he hopes the case shines light on what he terms an “industry-wide” problem involving subdomains.

“There are currently no requirements necessitating domain hosts to know anything about the people using their subdomains – making it easy for domain owners to look the other way,” he wrote.

Kelihos was much smaller than two botnets Waledac and Rustock recently destroyed by Microsoft.

“Large portions of Kelihos code were shared with Waledac, which suggested that Kelihos was either from the same parties, or that the code was obtained, updated and reused,” Boscovich said.

“Once we learned of the apparent relationship to Waledac, we immediately began developing a plan to take out Kelihos using similar technical measures.”

Piatti did not respond to requests for comment.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?