News

Microsoft Settles with Alleged Malware Culprit

Lawyers for Microsoft have come to an out-of-court settlement with Czech Republic-based Dotfree Group and its owner over involvement in the Kelihos botnet ring.

Microsoft, along with security firms Kyrus and Kaspersky, took down the high-profile botnet ring last month and, for the first time in the company's history of actively seeking and shutting down similar rings, brought civil cases against those it believed responsible.

After reviewing statements and documentation voluntarily presented by the free domain provider and its owner, Dominique Alexander Piatti, Microsoft found that the company was not directly involved in the "command and control structure for the Kelihos botnet."

"Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFREE Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet," wrote Richard Domingues Boscovich, senior attorney with Microsoft Digital Crimes Unit, in a blog post. "Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti's cz.cc domain."

While Microsoft has dismissed its case against Piatti and his company, the original suit filed against defendants John Doe 1 through 22, individuals connected with Internet domains and IP addresses that are believed to be part of the ring, still stands.

As part of the dismissal agreement, Piatti will transfer the addresses and domains of the remaining defendants to Microsoft and will work with Microsoft security experts to establish "best practices" for avoiding similar situations in its free domain hosting business.

"We're very pleased by the outcome for several reasons," wrote Boscovich. "First, this settlement allows us to move forward with our investigation to uncover the other people behind the botnet, listed in our court documents as John Does 1-22. Second, by gaining control of the subdomains, we are afforded an inside look at the Kelihos botnet, giving us the opportunity to learn which unique IP addresses are infected with the botnet's malware."

Between 42,000 and 45,000 computers were believed to be infected with the Kelihos botnet, and more than 4 billion spam e-mails were sent every day before Microsoft took action to shut it down. While Microsoft believes it has identified and removed the malware from a large portion of the affected users, there are still many who are unaware of the harmful program's presence.

For those who believe their systems harbor the botnet, tools and information for removal can be found at http://support.microsoft.com

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
