Microsoft cripples Kelihos, third botnet strike down

By Tom Warren, on 27th Sep 11 4:35 pm with 9 Comments

Microsoft revealed on Tuesday that it has successfully completed yet another botnet takedown.

The software giant has taken down the Kelihos botnet in an operation codenamed “Operation b79″. Microsoft used the same tactics and legal powers that it used in the Waledac and Rustock botnet takedowns. Kelihos is often referred to as “Waledac 2.0″ thanks to its close ties with the original Waledac botnet. The takedown marks the first time that Microsoft has named a defendant in one of its civil cases involving botnet operators. The suspected Kelihos botnet operators were informed at 8:15AM Central European Time (CET) on September 26.

“The Kelihos takedown is intended to send a strong message to those behind botnets that it’s unwise for them to simply try to update their code and rebuild a botnet once we’ve dismantled it,” said Microsoft Digital Crimes Unit Senior Attorney Richard Domingues Boscovich in a blog post on Tuesday. “When Microsoft takes a botnet down, we intend to keep it down – and we will continue to take action to protect our customers and platforms and hold botherders accountable for their actions.”

Microsoft alleges that Dominique Alexander Piatti, dotFREE Group SRO and John Does 1-22 owned the domain and used to operate and control the Kelihos botnet. “Our investigation revealed that in addition to hosting Kelihos, defendants’ domain has previously been investigated for hosting subdomains responsible for delivering MacDefender, a type of scareware that infects Apple’s operating system,” revealed Boscovich. Microsoft filed for an ex parte temporary restraining order from the U.S. District Court for the Eastern District of Virginia against the alleged Kelihos botnet operators. The court granted Microsoft’s request and the company was able to take the botnet down on September 26.

“Naming defendants in this case marks a big step forward for Microsoft in making good on its commitment to aggressively protect its platform and customers against abuse from whomever and wherever it may originate,” says Boscovich. Microsoft notes that approximately 41,000 computers worldwide are infected with Kelihos and that the botnet was capable of sending 3.8 billion spam emails per day. “We do not expect its disruption to have the breadth of impact on the Internet that our prior takedowns did, we took this action before the botnet had an opportunity to grow further and because we believe accountability is important,” says Boscovich.

Microsoft has previously crippled the Rustock and Waledac botnet spam networks. Early last year Microsoft announced, that together with industry partners, it had executed a major botnet takedown of Waledac, a large and well-known “spambot”. At the time the software giant said it was looking to be “even more creative and aggressive in the fight against botnets and all forms of cybercrime.” Microsoft’s second botnet takedown, the Rustock botnet, was the largest source of spam in the world, consisting of around 150,000 machines sending around 30 billion spam email messages each day.

Botnets are networks of compromised computers controlled by “bot herders” or “bot masters” that use the thousands (sometimes millions) of compromised Windows machines to distribute adware, spyware, spam emails and launch DDoS attacks. Botnets are typically installed onto end users machines by web browser vulnerabilities, worms, Trojan horses, or backdoors. A “bot master” will then control the machines by IRC commands to launch attacks or send email spam.

  • AlienSix

    Microsoft, being a BAWS

  • Anonymous

    Your title should be “Microsoft takes down MacDefender!”

    • Guest

      I’m certain Apple will issue a thank you.

  • Dfsdf

    Great! Being a site hoster myself, what I hate most is when it gets ddosed by jealous noobs with botnets.

  • Emi Cyberschreiber

    This should be digital CSI Microsoft!

  • SDreamer

    Microsoft = cyberpolice? O_o

  • Anonymous

    I hope even Linux and Apple fans will admit MS is doing good here.

    • Guest

      gl with that. ;-)

  • Perryman

    Microsoft has to take the lead on this. After all it’s their flawed OS that allows these Botnets to exist. It’s far cheaper to go hunting bad guys than to completely rewrite the flawed OS that is Windows. Wake up people your addiction to MS is whats propagates this.  Apple didn’t surpass MS as the Worlds largest tech company last year because they made great commercials or good mp3 players. It did so because smart people recognize good quality and are sick of computing on Microsoft’s inherently security weak OS.