Botnet Kingpin Worked For Antivirus Firm

Microsoft has spent months working to dismantle the Kelihos botnet, and has found some recent success, apparently identifying the man behind the code and the operation of the botnet as Andrey N. Sabelnikov – a Russian citizen named in their civil suit over the issue.

Botnets are groups of infected “zombie” computers around the world that can be controlled by a single person or group, and are rented out to the highest bidder to perform tasks like hitting companies with DDoS attacks or sending out massive volumes of spam – all unbeknownst to the owners of the computers. Computers are infected in a variety of ways: by viruses or trojans picked up when downloading illegal content, or simply by users installing fake antivirus products – as seems to be the case here.

The fake antivirus scam has found success over recent years as people have become more aware of the need for security online while still not truly understanding the threats or how to deal with them. Hackers used advertisements that appeared to show a scan of the user’s PC finding that it was infected by a virus – and then offered them an antivirus software solution to fix the issue. Some conned users into paying for fake antivirus content that was effectively useless, whilst others – as alleged in this case – gave the software away for free only to install some real viruses or trojans on the user’s PC.

That Sabelnikov had previously worked for an internet security firm providing antivirus and firewall protections to users would have enabled him to glean valuable information about both how these technologies worked, so that he could avoid their detections, and which advertising methods best converted users into buying the software.

Microsoft has recently settled with defendants Dominique Alexander Piatti and the dotFREE Group (owners of the .cz.cc subdomains) in the lawsuit, and they were able to provide information on Sabelnikov that led to his name being added.
