Kelihos Followup: Microsoft Dismisses Civil Case Against Some Defendants

Written by Casper Manes on November 4, 2011

Last month we brought you news about Operation b79, the Project MARS investigation by Microsoft’s Digital Crimes Unit that took down the Kelihos botnet, and led to a civil case against the alleged leader, Dominique Alexander Piatti, and his company the dotFREE Group SRO, a Czech domain name registrar corporation.

As you may recall, this was the third such action from Microsoft, but the first time that a named defendant was identified and served with a lawsuit. A little more than a month after the joint operation that included members of the Trustworthy Computing Team and the Malware Protection System, a settlement has been reached between Microsoft and Kyrus Tech as plaintiffs, and Mr. Piatti and his company as defendants.

During the investigation, it was determined that the command and control systems of the Kelihos botnet resided in domains under the cz.cc domain controlled by dotFREE Group SRO. Microsoft and Kyrus Tech were able to obtain a temporary restraining order to shut down the servers controlling the botnet, which effectively dismantled a network of over 41,000 compromised computers responsible for sending up to 3.8 billion spam messages per day.

After reviewing evidence gathered from dotFREE Group SRO, it became clear that neither Mr. Piatti nor his company were directly responsible for, or involved in, the Kelihos botnet. The twenty-two John Doe defendants named in the original complaint apparently were using subdomains under the cz.cc domain to conduct their illegal actions without the cooperation or knowledge of Piatti or his company. The use of subdomains to host phishing sites, malware, and C&C systems is a growing problem. Research found that instances of subdomain abuse nearly doubled last year and continue to climb, with domains in China and Korea being the most commonly used.
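The situation described above, where a free-subdomain provider is not itself malicious but many of its customers' subdomains are, is a common pattern for defenders triaging indicators. The following script is an added example (not from the article, Microsoft, or Kyrus Tech) that groups flagged hostnames by the provider zone they sit under and by the subdomain a customer registered, so that a takedown or blocklist can target the abusive subdomains rather than the provider's whole zone. Only "cz.cc" comes from the article; the other zone name and all sample hostnames are constructed placeholders.

```python
from collections import Counter, defaultdict

# Zones operated by free-subdomain providers. "cz.cc" is named in the article;
# "example-free.test" is a constructed placeholder for any other such provider.
FREE_SUBDOMAIN_ZONES = {"cz.cc", "example-free.test"}

# Constructed sample indicators, e.g. hostnames seen in C&C or phishing reports.
SAMPLE_INDICATORS = [
    "c2-alpha.cz.cc",
    "update.c2-alpha.cz.cc",
    "login-bank.cz.cc",
    "cdn.example-free.test",
    "legit-shop.example.com",   # not under a free-subdomain zone
]


def split_host(hostname):
    """Return (provider_zone, registered_subdomain, host) when hostname lies
    under a known free-subdomain zone, otherwise None.

    The registered subdomain is the label directly beneath the provider zone,
    i.e. the name the provider's customer signed up for; deeper labels are
    created by that customer and count against the same registration.
    """
    host = hostname.strip().lower().rstrip(".")
    for zone in FREE_SUBDOMAIN_ZONES:
        suffix = "." + zone
        if host.endswith(suffix):
            remainder = host[:-len(suffix)]
            labels = [l for l in remainder.split(".") if l]
            if not labels:
                return None
            registered = labels[-1] + suffix
            return zone, registered, host
    return None


def summarize(indicators):
    """Group indicators by provider zone and by registered subdomain.

    Returns (count_per_zone, hosts_per_registered_subdomain, unmatched_hosts).
    """
    by_zone = Counter()
    by_subdomain = defaultdict(set)
    unmatched = []
    for raw in indicators:
        parsed = split_host(raw)
        if parsed is None:
            unmatched.append(raw)
            continue
        zone, registered, host = parsed
        by_zone[zone] += 1
        by_subdomain[registered].add(host)
    return by_zone, dict(by_subdomain), unmatched


def takedown_list(indicators):
    """Sorted registered subdomains that would be deleted or transferred,
    leaving the provider's zone and its other customers untouched."""
    _, by_subdomain, _ = summarize(indicators)
    return sorted(by_subdomain)


if __name__ == "__main__":
    zones, subs, other = summarize(SAMPLE_INDICATORS)
    for zone, n in zones.most_common():
        print(f"{zone}: {n} abusive hostname(s)")
    for registered, hosts in sorted(subs.items()):
        print(f"  {registered}: {sorted(hosts)}")
    print("not under a free-subdomain zone:", other)
    print("takedown list:", takedown_list(SAMPLE_INDICATORS))
```

The zone list is deliberately explicit rather than derived from the public suffix list, because free-subdomain providers come and go faster than that list is updated; in practice a defender would maintain it from their own reporting.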

While Microsoft has moved to dismiss the complaint against Mr. Piatti and the dotFREE Group SRO, this is not the end of their involvement. The former defendants have agreed to either delete, or to transfer to Microsoft’s control, all of the subdomains involved with the Kelihos botnet. Richard Boscovich, senior attorney for Microsoft’s Digital Crimes Unit, stated that Piatti and his company will continue to work with Microsoft to “become a role model for the free domain industry, establishing industry best practices in the subdomain space.”

Mr. Boscovich indicated that Microsoft will continue to press legal action against the remaining twenty-two John Doe co-defendants.

About Casper Manes

I currently work as a Senior Messaging Consultant for one of the premier consulting firms in the world. I cut my teeth on Exchange 5.0, and have worked with every version of Microsoft’s awesome email package since then, as well as MHS, Sendmail, and MailEnable systems. I've written dozens of articles on behalf of my past employers, their partners, and others, and I finally decided to embrace blogging and social media, so please follow me on Twitter @caspermanes if you enjoy my posts.

Comments

One Man Gun November 7, 2011

When it comes to handling and bringing these kinds of criminals to justice, technicality is the name of the game. These criminals are hard core. Expect them to fight and pay top-notch lawyers to defend them.

I commend Microsoft for continuing to press legal action against the others involved. This way, online scammers, spammers, and hackers will learn their ways and respect the rule of law.

Steve Hernandez November 7, 2011

Kudos to Microsoft for taking spammers to task under the fullest extent of the law, while also adjusting their gameplan as new facts come to light. The only way to adequately combine legal and technological points of view is to be flexible and diligent, and in the case of shutting down botnets, Microsoft has proven to be both.

Gilbert Mason November 8, 2011

Based on what I’ve read, the civil case was not dismissed – it was settled between Microsoft / Kyrus Tech and dotFree Group. In return, the latter organization will suspend all their “illegal” activities. They also have to give and divulge to Microsoft / Kyrus Tech all servers and hosts.

The involved parties have something going on. Whatever it is, I hope it’s for the benefit of end-users.
