Microsoft has destroyed the Kelihos botnet, which controlled 41,000 infected computers.
Kelihos was capable of sending 3.8 billion spam emails per day, according to Microsoft's digital crimes unit senior attorney Richard Boscovich.
The botnet was used to steal personal information and promote content including counterfeit drugs, stock scams, and child pornography websites.
Microsoft received authorisation from a US district court to kill 21 botnet command-and-control domain servers in a takedown dubbed Operation b79.
That move freed compromised machines from botnet control.
Microsoft alleges that Dominique Alexander Piatti, believed to be living in the Czech Republic, controlled the botnet.
It was the first time Microsoft had named a defendant in a civil case involving a botnet.
Microsoft's complaint, filed last week, named 22 anonymous co-defendants and Piatti's Czech-based domain name company dotFREE Group SRO.
Microsoft alleges that Piatti and the other defendants own the top-level internet domain cz.cc, and used it to register subdomains that were used to operate and control the botnet.
Beyond hosting Kelihos, cz.cc also hosted subdomains used to deliver malware, including MacDefender, a type of scareware that targets Apple's operating system, Microsoft contended.
Boscovich said he hopes the case shines light on what he terms an “industry-wide” problem involving subdomains.
“There are currently no requirements necessitating domain hosts to know anything about the people using their subdomains – making it easy for domain owners to look the other way,” he wrote.
Kelihos was much smaller than Waledac and Rustock, two botnets recently destroyed by Microsoft.
“Large portions of Kelihos code were shared with Waledac, which suggested that Kelihos was either from the same parties, or that the code was obtained, updated and reused,” Boscovich said.
“Once we learned of the apparent relationship to Waledac, we immediately began developing a plan to take out Kelihos using similar technical measures.”
Piatti did not respond to requests for comment.
This article originally appeared at scmagazineus.com