Microsoft plucks Kelihos botnet coder from AV industry

Source code and hobbies lead to identity.

Microsoft has named Russian software developer Andrey N. Sabelnikov as the alleged coder behind its botnet takedown target, Kelihos.

Redmond announced an amended complaint on Monday, alleging on its official blog that Sabelnikov "wrote the code for and either created, or participated in creating, the Kelihos malware".

The complaint identified Sabelnikov as a St Petersburg-based freelance software developer who previously worked as a "software engineer and project manager at a company that provided firewall, antivirus and security software."

"The harmful computer software used to control the Kelihos botnet contains information that identifies Defendant and demonstrates that Defendant created, operated and controlled the Kelihos botnet," the complaint states.

A LinkedIn profile dating back to 2007 showed he once worked for Russian antivirus company Agnitum, according to security blogger Brian Krebs.

The complaint also claims Sabelnikov registered more than 3,700 "cs.cc" subdomains from Czech resident Dominique Piatti, with whom Microsoft settled last October and who also appears to have been one of the sources that led Microsoft to Sabelnikov.

Investigations revealed the software developer was also a photography buff with an eye for attractive women in natural settings.

According to Krebs, a copy of Sabelnikov's source code for the Kelihos malware obtained by a researcher pointed to the accused's webpage, sabelnikov.net, which at the time of writing states it is still under construction but contains a link pointing to his work at photosight.ru.
