In a new complaint filed today, Microsoft has named the man responsible for the operations of the Kelihos botnet, which was responsible for spam messages that promoted potentially dangerous counterfeit or unapproved pharmaceuticals from unlicensed and unregulated online drug sellers.
"Since taking down the Kelihos botnet with our partners Kyrus Inc. and Kaspersky Labs in September, the Microsoft Digital Crimes Unit has continued to actively investigate the case and pursue new leads with the goal of holding the perpetrators behind the botnet accountable for their actions," Microsoft stated in an official blog post.
In the complaint filed today with the U.S. District Court for the Eastern District of Virginia, Microsoft is claiming via evidence they uncovered by analyzing the botnet data that they have proof that Russian native Andrey N. Sabelnikov is the man responsible for creating, or participated in the creation of the Kelihos malware. On top of that, the complain states that Sabelnikov used the malware to control, operate, maintain, and grow the Kelihos botnet. Microsoft also states that Sabelnikov owns 3,700 "cz.cc" domains and miss-used those domains to operate and control the botnet.
Microsoft wants all botnet operators to know that there are risks and consequences for engaging in malicious activity. "Microsoft is committed to following the evidence wherever it leads us through the investigation in order to hold Kelihos’ operators accountable for their actions," Microsoft states.
Kelihos botnet may be inactive at the moment, but from what Microsoft says, there are still thousands of computers infected with the malware.