Microsoft Settles with Alleged Malware Culprit

Lawyers for Microsoft have reached an out-of-court settlement with Czech Republic-based Dotfree Group and its owner over their alleged involvement in the Kelihos botnet ring.

Microsoft, along with security firms Kyrus and Kaspersky, took down the high-profile botnet ring last month and, for the first time in the company's history of actively seeking and shutting down similar rings, brought civil cases against those it believed responsible.

After reviewing statements and documentation voluntarily provided by the free domain provider and its owner, Dominique Alexander Piatti, Microsoft concluded that the company was not directly involved in the "command and control structure for the Kelihos botnet."

"Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFREE Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet," wrote Richard Domingues Boscovich, senior attorney with Microsoft Digital Crimes Unit, in a blog post. "Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti's cz.cc domain."

While Microsoft has dismissed its case against Piatti and his company, the original suit filed against defendants John Doe 1 through 22, the individuals connected with the Internet domains and IP addresses believed to be part of the ring, still stands.

As part of the dismissal agreement, Piatti will transfer the subdomains and addresses used by the remaining defendants to Microsoft and will work with Microsoft security experts to establish "best practices" for preventing similar abuse of its free domain hosting business.

"We're very pleased by the outcome for several reasons," wrote Boscovich. "First, this settlement allows us to move forward with our investigation to uncover the other people behind the botnet, listed in our court documents as John Does 1-22. Second, by gaining control of the subdomains, we are afforded an inside look at the Kelihos botnet, giving us the opportunity to learn which unique IP addresses are infected with the botnet's malware."

Between 42,000 and 45,000 computers were believed to be infected with the Kelihos malware, and the botnet was sending more than 4 billion spam e-mails a day before Microsoft took action to shut it down. While Microsoft believes it has identified and removed the malware from a large portion of the affected machines, many users remain unaware that the harmful program is present on their systems.

For those who believe their systems harbor the botnet's malware, tools and information for removal can be found at http://support.microsoft.com.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
