Microsoft brings down Kelihos botnet

Posted by Emma Woollacott

Microsoft says its taken down another big botnet that was delivering up to four million spam messages per day.

The company's filed a complaint in the US District Court in Alexandria, Virginia, accusing 22 John Doe defendants along with dotFREE SRO and Dominique Alexander Piatti of hosting the Kelihos botnet, also known as Waledac 2.0.

Through the cz.cc service, says Microsoft, they issued more than 3,700 subdomains, at least some of which were used to operate and control the botnet. Around 41,000 computers worldwide were beleived to have been infected.

"Our investigation showed that while some of the defendant’s subdomains may be legitimate, many were being used for questionable purposes with links to a variety of disreputable online activities," says Richard Domingues Boscovich, senior attorney with Microsoft's Digital Crimes Unit, on the company blog.

"For instance, our investigation revealed that in addition to hosting Kelihos, defendants’ cz.cc domain has previously been investigated for hosting subdomains responsible for delivering MacDefender, a type of scareware that infects Apple’s operating system."

The botnet was used for a variety of illegal activities, says Microsoft, including sending out billions of spam messages, harvesting users’ personal information such as e-mails and passwords, fraudulent stock scams and even websites promoting the sexual exploitation of children.

While Microsoft's already - and proudly - taken down the Rustock and Waledac botnets, it's the first time the company has named a defendant in this type of case.

"Naming defendants in this case marks a big step forward for Microsoft in making good on its commitment to aggressively protect its platform and customers against abuse from whomever and wherever it may originate," says Boscovitch.

"Naming these defendants also helps expose how cybercrime is enabled when domain providers and other cyber infrastructure providers fail to know their customers."