Suspect worked for antivirus and software development firms in Russia.
Microsoft is continuing its legal tear against botnets: It has now named the alleged botnet operator of the Kelihos botnet that it helped take down last fall.
The alleged perpetrator, Andrey N. Sabelnikov, a Russian engineer, has been added to Microsoft's legal suit filed in U.S. District Court in September in relation to the botnet. The company, which worked with Kaspersky Lab and Kyrus to take down the spamming botnet, says the initial claim's named co-defendants in Microsoft's civil lawsuit, Dominique Alexander Piatti and dotFREE Group SRO, cooperated and provided information that led to the latest legal action against Sabelnikov as part of a settlement in October.
"In today's complaint, Microsoft presented evidence to the court that Mr. Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware. Further, the complaint alleges that he used the malware to control, operate, maintain, and grow the Kelihos botnet. These allegations are based on evidence Microsoft investigators uncovered while analyzing the Kelihos malware," said Richard Domingues Boscovich, senior attorney for Microsoft's digital crimes unit. "Microsoft also alleges that Mr. Sabelnikov registered more than 3,700 'cz.cc' subdomains from Mr. Piatti and dotFREE Group SRO, and misused those subdomains to operate and control the Kelihos botnet."
Microsoft says Sabelnikov lives in St. Petersburg, Russia, and is a contractor for a software development and consulting firm who once worked as a software engineer and project manager at a firewall and antivirus firm. According to KrebsOnSecurity, that firm was Agnitum.
The State of RansomwareRansomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Published: 2017-05-08 unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Published: 2017-05-08 A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
Published: 2017-05-08 Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
Published: 2017-05-08 Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.