Microsoft tells story of Antivirus programmer turned Kelihos botnet hacker

Several months ago there was a massive spam operation by the name of Kelihos botnet that both Microsoft and partners took offline, this menace having already sent 3.8 billion spam emails a day for some time. What you should know, and perhaps much more importantly, is the following fact: the controller and creator of that spam factory was no less than a former employee of several Antivirus firms. What does this mean for you? It means you should think twice before firing Johnny No-Virus from your Antivirus group, folks, because he'll probably be spamming you soon.

What we're looking at here is a fellow by the name of Andrey N. Sabelnikov from the Russian Federation who worked most notably with antivirus vendor Agnitum. Once he began his work on this Kelihos operation, he embedded debug codes into the source of the virus which then allowed the software to download and install the Kelihos machine. It's undoubtably clear that the fellow in question here got his knowhow from working with the firms he'd worked with in the past whose main goal it is to do away with the viruses he now slung. His LinkedIn page also noted that he'd worked for security vendor Returnil between 2008 and 2011, his stint with Agnitum taking place between 2005 and 2008.

Microsoft wrote the following in a US District Court complaint against Sabelnikov:

"Defendant Andrey N. Sabelnikov is an individual residing in St. Petersburg, Russian Federation. Defendant currently works on a freelance basis for a software development and consulting firm. Prior to his current employment, Defendant worked as a software engineer and project manager at a company that provided firewall, antivirus and security software. [With Kelihos botnet he] used the software to control, operate, maintain and grow the Kelihos botnet, by among other things, infecting innocent users' computers." – Microsoft

Harsh words, but certainly not unwarranted. How many hackers do you think studied with the protection agencies they'd hope to bypass in the future? Imagine the ease!

[via Ars Technica]