Microsoft Unmasks Kelihos Mastermind; Botnet Dead But Not Gone

Thursday, January 26th, 2012

Now that Microsoft has outed the software engineer it believes masterminded a massive attack that delivered spam and stole confidential data, what’s next on the botnet mitigation front? And is the Kelihos takedown even having an impact on spam levels?

Microsoft took down the Kelihos botnet with partners Kyrus and Kaspersky Labs last September. Since then, the Microsoft Digital Crimes Unit has continued to actively investigate the case. Microsoft named Andrey N. Sabelnikov, a Russian citizen and former software engineer at an antivirus vendor, in an amended complaint filed with the U.S. District Court for the Eastern District of Virginia on Monday.

“We continue to explore ways to make the information learned from our takedowns more readily available to others who can take action to address infections in a more systematic and automated manner,” said Richard Domingues Boscovich, a senior attorney in the Microsoft Digital Crimes Unit. “Our objective is to effectively put information and tools into the hands of those that can help protect innocent computer users.”


Does It Even Matter?

Damballa Labs tracks the Kelihos botnet as “FierceGorillaConvicts.” In September 2011, Microsoft estimated the global proliferation of the botnet to be in the realm of 40,000 victims. Damballa observed and confirmed the victim status of around 10,000 victims in North America alone.

Gunter Ollmann, vice president of research at Damballa, said security researchers and vendor analysts work to dismantle and take down dozens of botnets on a daily basis — but very few of these efforts ever make it to the press, let alone become headline news.

“Over the years, security researchers have found that tearing down parts of a criminal’s command and control infrastructure is easy, but it is almost impossible to kill a botnet in its entirety when the criminals want to keep it going,” Ollmann said.

“Past media events…

View full post on NewsFactor Network
