Microsoft said today that a Czech Republic-based provider of free domains has agreed to pull the plug on botnet activities using his subdomains, as part of a settlement of a lawsuit the software giant filed in September to shut down the Kelihos botnet.
The suit, filed in federal court in Virginia, named Dominique Alexander Piatti and his domain company, Dotfree Group SRO, as defendants, alleging that they were involved in hosting the Kelihos botnet. Infected computers in that operation, also known as “Waledac 2.0” after a previous botnet that Microsoft shut down last year, were used to send unregulated pharmaceutical and other spam, to harvest e-mails and passwords, to conduct fraudulent stock scams and, in some cases, to promote sites dealing with sexual exploitation of children. Subdomains also were allegedly used to spread the MacDefender scareware.
“Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFREE Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet. Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti’s cz.cc domain,” Richard Domingues Boscovich, senior attorney for Microsoft’s Digital Crimes Unit, wrote in a blog post.
As part of the settlement, Piatti has agreed to delete or transfer to Microsoft all the subdomains that were used to operate the botnet or for other illegitimate purposes, according to Boscovich. Piatti and his company also have agreed to work with Microsoft to prevent abuse of free subdomains and to establish a secure free top level domain going forward, he said.
“By gaining control of the subdomains, we are afforded an inside look at the Kelihos botnet, giving us the opportunity to learn which unique IP addresses are infected with the botnet’s malware,” Boscovich wrote.
Meanwhile, the lawsuit against the 22 other unnamed defendants is pending, Microsoft said.
The Kelihos botnet comprised about 41,000 infected computers worldwide and was capable of sending 3.8 billion spam e-mails per day, according to Microsoft.
Microsoft has been aggressive in moving to put botnets out of business. Kelihos is the third botnet–following Waledac, and Rustock earlier this year–that Microsoft has taken down using legal and technical measures.