Slashdot: News for Nerds

Microsoft Names Reputed Head of Kelihos Botnet

Unknown Lamer posted more than 2 years ago | from the framed-by-darpa-created-ai dept.

Botnet 30

wiredmikey writes with an update on Microsoft's takedown of the Kelihos botnet. From the article: "Microsoft is not just taking down botnets; it is taking them down and naming names. In an amended complaint [PDF] filed Monday in U.S. District Court for the Eastern District of Virginia, Microsoft named a man from St. Petersburg, Russia, as the alleged head of the notorious Kelihos botnet. Naming names can be a risky business. Previously, Microsoft alleged Dominique Alexander Piatti, dotFREE Group SRO and several unnamed 'John Does' owned a domain cz.cc and used cz.cc to register other subdomains used to operate and control the Kelihos botnet. However, the company later absolved Piatti of responsibility when investigators found neither he nor his business was controlling the subdomains used to host Kelihos. Whether naming Sabelnikov – who, according to Krebs on Security, once worked as a senior system developer and project manager for Russian antivirus vendor Agnitum – will have the same effect as naming the Koobface gang remains to be seen. Though Kelihos has remained defunct since the takedown last year, the malware is still on thousands of computers."


30 comments

KOMMIE AS EXPECTED !! (0)

Anonymous Coward | more than 2 years ago | (#38809281)

Who else ??

too simple (1)

daniel23 (605413) | more than 2 years ago | (#38809365)

I won't buy it unless you can show me how the CIA (or another 3-letter organization) is secretly in bed with them ...

Re:too simple (-1)

Anonymous Coward | more than 2 years ago | (#38809747)

CIA, FBI, NSA, KGB, DOW, A&W, B&O, B&D, ABC, BBC, CBC, CBS, CGI, EMI, MGM, NBC, FOX, JAL, JVC, THX, TNT, UPS, KFC, AMC, ATT, MCI, IBM, AMD, ATI, DEC, EDS, HCL, NEC, RSA, SCO, SGI, SNK, SUN.

This is a dummy paragraph used to bypass the stupid anti-yellow filter of slashdot. This is a dummy paragraph used to bypass the stupid anti-yellow filter of slashdot. This is a dummy paragraph used to bypass the stupid anti-yellow filter of slashdot. This is a dummy paragraph used to bypass the stupid anti-yellow filter of slashdot. This is a dummy paragraph used to bypass the stupid anti-yellow filter of slashdot. This is a dummy paragraph used to bypass the stupid anti-yellow filter of slashdot.

Re:too simple (1)

q.kontinuum (676242) | about 2 years ago | (#38817035)

Inefficient list of three letter agencies, you probably forgot some.

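        #include <stdio.h>
        #include <string.h>
        int main(void) {
                char t[5]; memcpy(t, "AAA\n", 5);
                do { do { do {
                        printf("%s", t);  /* prints AAA through ZZZ, one per line */
        #define W(a) } while (t[a]++ < 'Z'); t[a] = 'A';
                W(0) W(1) W(2)
                return 0;
        }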

Re:KOMMIE AS EXPECTED !! (0)

Anonymous Coward | more than 2 years ago | (#38809369)

While the failing US education system may say otherwise, as the references to East and West Germany in my high school's history books can attest, the Berlin Wall actually fell some time ago, and Russia/the former Soviet Union is no longer communist.

Re:KOMMIE AS EXPECTED !! (1)

lvxferre (2470098) | about 2 years ago | (#38813273)

The new trend is blaming China, not Russia/CCCP.

So, wait. (3, Interesting)

willaien (2494962) | more than 2 years ago | (#38809389)

Sabelnikov – who, according to Krebs on Security, once worked as a senior system developer and project manager for Russian antivirus vendor Agnitum

Does this lend credence to the conspiracy theory that antivirus vendors are, in some way, behind the very viruses they're supposed to remove?

Re:So, wait. (4, Insightful)

DeathFromSomewhere (940915) | more than 2 years ago | (#38809413)

Nope. There is no indication that this guy wrote the botnet as part of his job. A more likely explanation is that he used his employment to gather information about how to avoid antivirus software killing his botnet.

Re:So, wait. (1)

NWX (2559313) | more than 2 years ago | (#38809509)

Both virus detection and virus creation need the same skill set. Gather information sounds just stupid, as hackers can read the disassembly anyway, and it's not exactly secret how antiviruses operate. It's just that both have the same skill-set and are interested in similar things.

Re:So, wait. (3, Insightful)

willaien (2494962) | more than 2 years ago | (#38809593)

Nope. There is no indication that this guy wrote the botnet as part of his job. A more likely explanation is that he used his employment to gather information about how to avoid antivirus software killing his botnet.

Senior Systems Developer is a pretty high up position. It's not CTO level, but... I'd say that joining just to get access to info at that level is a bit of a stretch. gstoddart's suggestion that he became the very monster he was fighting would have a bit more credence.

Re:So, wait. (1)

DeathFromSomewhere (940915) | more than 2 years ago | (#38809653)

Agreed.

Re:So, wait. (1)

Gription (1006467) | more than 2 years ago | (#38811609)

More to the point:
Everyone has an interest in having a well funded retirement plan...

Re:So, wait. (1)

Anonymous Coward | more than 2 years ago | (#38811727)

I'm a senior systems developer and I was hired about 2 months ago. Titles don't mean much.

Re:So, wait. (0)

Anonymous Coward | more than 2 years ago | (#38810809)

Nice try, Antivirus company...

Re:So, wait. (3, Insightful)

gstoddart (321705) | more than 2 years ago | (#38809415)

Does this lend credence to the conspiracy theory that antivirus vendors are, in some way, behind the very viruses they're supposed to remove?

Or merely suggest that it's more lucrative to go to the dark side? One guy does not a conspiracy make.

And, likewise, this can't disprove any such conspiracy either.

Re:So, wait. (0)

Anonymous Coward | more than 2 years ago | (#38810059)

It's impossible to disprove any conspiracy theory.

Re:So, wait. (1)

gstoddart (321705) | more than 2 years ago | (#38810125)

It's impossible to disprove any conspiracy theory.

That's just what they want you to believe. ;-)

Re:So, wait. (1)

enrgeeman (867240) | about 2 years ago | (#38814053)

Only the good ones...

Re:So, wait. (1)

AngryDeuce (2205124) | more than 2 years ago | (#38809657)

Does this lend credence to the conspiracy theory that antivirus vendors are, in some way, behind the very viruses they're supposed to remove?

Behind them? In my experiences trying to fucking remove Norton Internet Security, I really wonder if it is one in itself...

Re:So, wait. (0)

Anonymous Coward | more than 2 years ago | (#38810195)

Oh for a "-1 Tired Meme" mod.

Re:So, wait. (-1)

Anonymous Coward | more than 2 years ago | (#38812885)

Not sure, but using operating systems that are less able to be taken down by 15 year olds in dark rooms is paramount!

Shame on Microsoft for pushing crap onto the lesser computer beings.

Re:So, wait. (-1)

Anonymous Coward | about 2 years ago | (#38815559)

MS have no shame. Isn't it obvious?

Trumpeting the fact they took down *one* botnet amongst the legion that have been allowed to form due to them is chutzpah at its finest.

Re:So, wait. (0)

Anonymous Coward | about 2 years ago | (#38815351)

Considering the implied knowledge overlap of antivirus / virus programmers, this is expected in a percentage of the cases. It does not significantly confirm or refute the CT.

There are two things I don't trust (1)

WillAffleckUW (858324) | more than 2 years ago | (#38809661)

There are two things I don't trust.

Q. What are they?

A. Anti-virus coders

Q. And?

A. Carnies. They have small hands.

Kelihos was formerly the IT department under KAOS (0)

Anonymous Coward | more than 2 years ago | (#38809697)

Until now, Sabelnikov's role has not been public; however, it was previously acknowledged under the Cone of Silence.

(KAOS, a Delaware corporation).

Due process (2)

Beeftopia (1846720) | more than 2 years ago | (#38809817)

I've got no problems with corporations naming names and trying to uncover crimes. I just want to make sure any assertions of violation they make go through the due process of the US legal system. With this, or with copyright infringement or anything else. Plus, it's nice when they haven't corrupted the system by buying politicians who then make laws that dramatically favor them.

WTF? Absolved of crime by Microsoft? (3, Interesting)

rohan972 (880586) | more than 2 years ago | (#38810311)

However, the company later absolved Piatti of responsibility when investigators found ...

I hope that if I get accused of any crimes that Microsoft absolves me. After they complete their investigation, of course.

Holy shit.

Re:WTF? Absolved of crime by Microsoft? (1)

Gadget_Guy (627405) | about 2 years ago | (#38814077)

I hope that if I get accused of any crimes that Microsoft absolves me.

As in this case, they will only absolve you of crimes of which they themselves have accused you. This accusation never had any legal backing other than the lawsuit brought about by Microsoft, so it is not as if the company was preempting an official investigation.

So don't go breaking into your neighbor's house and hope that Microsoft will absolve you of your crime. You will need to become a priest if you are looking for an organisation to shield you from the legal system.

Re:WTF? Absolved of crime by Microsoft? (1)

rohan972 (880586) | about 2 years ago | (#38815907)

This accusation never had any legal backing other than the lawsuit brought about by Microsoft, so it is not as if the company was preempting an official investigation.

You're underestimating their power. Nobody has ever been released from a Microsoft prison camp!

What? Nandayo! (-1)

Anonymous Coward | about 2 years ago | (#38815407)

Naming names is a slippery slope that M$ should NOT enter. Doing so opens questions ... Ah ... questions. Many and ALL that M$ will NOT answer, unless persuaded under threat of death after many hours and days of succulent torture. NOW, the playtime begins. And this playtime is NOT on M$'s terms. It's on OUR TERMS.

Ah ah and a Tah tah
