Microsoft announced today that the Kelihos botnet is no longer functioning. This is the third botnet takedown, coming on the heels of the decommissioned Rustock and Waledac botnets earlier this year. In Operation b79, Microsoft repeated the combination of legal and technical operations that succeeded in the previous takedowns to bring down Kelihos.
While not as massive as Rustock, Kelihos nevertheless had widespread resources and managed multiple subdomains, which made it a pervasive problem.
For the first time, Microsoft also names defendants Dominique Alexander Piatti, dotFREE Group SRO and John Does 1-22 in an ex parte temporary restraining order to stop and sever connections between the botnet and the zombie computers under its control.
What Did Kelihos Do?
Most computer users have the cozy feeling that they control the actions of their computer, but when a botnet hits the PC, that changes. Kelihos infected Internet users' computers with malicious software that masked its operations while it surreptitiously controlled a person's computer and used it for a variety of illegal activities. These included sending out billions of spam messages on a daily basis and controlling and using personal information belonging to the owner of the PC, such as e-mails and passwords. Sometimes they extended to processing fraudulent stock swindles, and went as far as some websites promoting the sexual exploitation of children.
The Use of Subdomains
Finally, this case demonstrates an industry-wide problem relating to the use of subdomains. Under U.S. law, domain owners are not required to prevent the use of their digital properties for cybercrime. Pawnshop operators, for example, must require a name, address and proper identification from customers in order to buy or sell property. By contrast, there are currently no requirements that domain hosts know anything about the people using their subdomains, which makes it easy for domain owners to look the other way. That is one of the things that lets botnets operate so successfully.