Microsoft Action Ends the Kelihos Botnet
In another victory against spammers, Microsoft’s Digital Crimes Unit (DCU) has taken down the Kelihos botnet, which, at the time its command and control servers were knocked offline, controlled some 41,000 infected hosts and was able to send 3.8 billion spam emails every day.
Yesterday, Microsoft released the details of its actions against the alleged controllers of a botnet considered to be very similar to Waledac. Microsoft obtained an ex-parte temporary restraining order, which enabled it to work with ISPs to disconnect the command and control servers from the Internet, severing their connection to the compromised computers.
The complaint from Microsoft alleges that Dominique Alexander Piatti, the dotFREE Group S.R.O., and 22 ‘John Doe’ defendants associated with various IP addresses and domain names, violated both federal and state laws by operating a botnet, causing unlawful intrusion and dissemination of unsolicited bulk email to Microsoft’s detriment. Piatti currently resides in the Czech Republic, and dotFREE Group S.R.O. is a Czech LLC. The ‘John Doe’ defendants are the owners of several registered domains that were a part of the CnC network, but used private registrations for their domain names.
Microsoft’s DCU worked with the Trustworthy Computing Initiative and the Malware Protection Center during the investigation, as well as with customers including Kyrus Tech Inc., who served as a declarant in the case.
This latest victory in the fight against spam is significant for several reasons, including:
- While Kelihos is not as big as Waledac or Rustock were, 3.8 billion spam messages a day is a big number.
- This is the first time defendants were named and served legal notices on the same day that their servers were taken offline.
- Kelihos shares significant amounts of code with Waledac, indicating that they were either developed by the same author(s) or that Kelihos was adapted from Waledac.
It also underscores the continuing need for antivirus software at the gateway and on every workstation, as well as anti-spam software for every mailbox. Consider that the Kelihos botnet controlled tens of thousands of computers. The owners of these systems didn’t willingly sign on to generate billions of spam messages each day. They were infected by malware. If they had been running antivirus software with up-to-date definitions, they probably wouldn’t have been infected. Not all of these infected machines were home computers either. Web filtering software on the company network could have prevented corporate computers from being taken over. And even with 3.8 billion fewer spam messages hitting our mail servers daily, there are still billions more trying to flood our inboxes. Implementing anti-spam software on the email server, or using an online filtering service, is a critical requirement for any administrator managing an organization’s email security strategy.
Another victory for the good guys. Hopefully as these takedowns become more common, the botnets won’t be so big by the time they’re dismantled and the threat will decrease significantly over time.
3.8 billion spam messages a day sounds like a big number, but it’s only a fraction of what is sent on a daily basis. According to Commtouch, one of the world’s largest web security companies, on average more than 183 billion spams are circulated every day on the Internet. This figure was for 2010. This year, the figure is around 200 billion a day.
In order to totally knock off the spam industry, you have to take down more than botnets. You also have to engage in international diplomacy. This is because more than half of the world’s spams are created and sent outside the US. These countries include China and Russia, over which Microsoft has little control.
True, 3.8 billion spam messages a day is only a fraction of the total number of Internet spams. However, fighting spam is not that easy. You should take one step at a time. You can’t just barge in and completely eradicate spam in less than a month or year. It’s a process – a whole lot of process.
Instead of criticizing Microsoft, why not try to support them this time? We are all victims here. Spam, viruses, and other types of Internet malware can only be defeated with an intensive support network.