On September 26th 2011 Microsoft helped take down anther BotNet. The Kelihos Botnet is the third network of infected computers Microsoft has taken down. The first was Rustock and the second was Waledac.

Although the Kelihos BotNet was a smaller BotNet, with only 41,000 infected computers, they were targeted because it is thought that this was run by the same group who ran the Waledac BotNet. Microsoft helped take down Waledac about a year ago and wanted to stop the game of botnet cat and mouse.

This time there is a difference – there are defendants named and being prosecuted. The defendant, Dominique Alexander Piatti, lives in the Czech Republic. The complaint filed with a Virginian court and is very interesting to read. Here is a link to it if you are inquisitive:
http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-80-54/8816.Kelihos-Botnet-Complaint.pdf

I am glad to see that these networks of robots are being taken down. It removes a lot of email SPAM as well as removes a tool for attacks and extortion. As we see more prosecutions I expect we will see the a reduction in these networks.

In the case of the Rustock BotNet Microsoft is still offering a $250,000 reward for information that leads to the arrest and conviction of Rustock’s operators. Any tips should be sent directly to the FBI at MS_Referrals@ic.fbi.gov.