
St. Petersburg engineer accused of creating the Kelihos botnet

25.01.12, 12:42, Msk
Text: Sergey Mazharov

Microsoft accuses a Russian of creating the Kelihos bot network, though industry analysts doubt his involvement.

Microsoft has accused a Russian security-software development engineer of creating a bot network. According to the complaint filed by the corporation, from 2005 to 2011 the suspect, whom the company identified as "Andrey Sabelnikov from St. Petersburg", worked at a couple of companies operating in IT security.

According to Sabelnikov's profile on the LinkedIn social network, over the last six years he worked at two Russian companies specializing in security, including the anti-virus company Agnitum, whose head office is in St. Petersburg. Agnitum develops and sells an anti-virus product for Windows called Outpost Antivirus Pro, as well as a firewall for personal computers running Windows. A company representative confirmed that Sabelnikov worked for the firm from September 2005 to November 2008.

Sabelnikov carried out a number of projects, finishing his career at Agnitum as a project manager responsible for everything from "product architecture design" to "... writing key fragments of the code". Answering Computerworld's questions by e-mail, the Agnitum representative said that Sabelnikov "left of his own accord at the end of 2008".

From November 2008 to December 2011 Sabelnikov worked at another Russian company, Returnil, which also operates in the system-protection software market. Returnil's main product, Virtual System Pro, clones the existing Windows installation onto a virtual machine as a way of protecting against malware. During those three years Sabelnikov was the company's lead research engineer.

For the last two months Sabelnikov worked for the consulting company Teknavo, which among other things develops software for financial institutions. The company has an office in St. Petersburg.

Detailed information on Sabelnikov's career has been scrubbed from LinkedIn; now only the time he spent at an unnamed technical college and at the Saint Petersburg State University of Aerospace Instrumentation is listed there.

Microsoft filed its first complaint in the Kelihos case in September of last year as part of its work to take down a bot network controlling about 45 thousand infected computers and allegedly sending huge volumes of spam to users around the world: up to 4 billion messages a day. At that time Microsoft had identified only Dominique Piatti, operator of the Czech domain-hosting company dotFREE Group SRO, along with 22 unknown suspects. In October, however, Microsoft dropped the charges against Piatti and dotFREE after reaching a pre-trial settlement.

In the complaint filed on Monday, Microsoft accuses Sabelnikov of creating the malware used to infect computers and administer the Kelihos botnet. The company stated that it identified Sabelnikov through analysis of the malware. "The malicious computer software was used to manage the Kelihos botnet and contains information that identifies the defendant and proves that the defendant created, and exercised control over, the Kelihos botnet", the text of the complaint says.

Richard Boscovich, a senior attorney in Microsoft's computer crimes division, also accused Sabelnikov in the corporate blog of registering more than 3.7 thousand "cz.cc" subdomains with dotFREE, through which he allegedly controlled the botnet.

If Microsoft's charges are correct, Kelihos may have been created by Sabelnikov while he was working at Agnitum and Returnil: the malware was first detected at the end of 2009.

An interesting aspect of this case is that many security experts link Kelihos to older malware that formed the basis of the Waledac botnet, which was taken down at the beginning of 2010, also with Microsoft's participation. According to the experts, the Waledac and Kelihos trojans shared code. Researchers assumed that this was probably a later attempt to build a new army of compromised PCs after the former one had become useless.

According to Alfred Huger, vice president of development at Sourcefire, although it is possible that Sabelnikov created Kelihos using knowledge gained at work, it is nevertheless unlikely. "Complete reverse engineering is not typical of [anti-virus] analysts", Huger said, referring to the practice of analysing parts of the software. "Completely reconstructing the malware is unprecedented, although it is common practice exclusively for malware that has already been disclosed."

Sabelnikov's profile page on the Russian social network VKontakte, which was accessible a little earlier, is now hidden from public view.