Why Microsoft’s latest victory in the fight against spam is significant

In another victory against spammers, Microsoft’s Digital Crimes Unit (DCU) has taken down the Kelihos botnet, which, at the time its command and control servers were knocked offline, controlled some 41,000 infected hosts and was able to send 3.8 billion spam emails every day.

Microsoft released the details of its actions against the alleged controllers of a botnet considered to be very similar to Waledac. Microsoft obtained an ex parte temporary restraining order, which enabled it to work with ISPs to disconnect the command and control servers from the Internet, severing their connection to the compromised computers.

The complaint from Microsoft alleges that Dominique Alexander Piatti, the dotFREE Group S.R.O., and 22 ‘John Doe’ defendants associated with various IP addresses and domain names, violated both federal and state laws by operating a botnet, causing unlawful intrusion and dissemination of unsolicited bulk email to Microsoft’s detriment.

Piatti currently resides in the Czech Republic, and dotFREE Group S.R.O. is a Czech LLC. The ‘John Doe’ defendants are the owners of several registered domains that were a part of the CnC network, but used private registrations for their domain names.

Microsoft’s DCU worked with the Trustworthy Computing Initiative and the Malware Protection Center during the investigation, as well as with customers including Kyrus Tech Inc., who served as a declarant in the case.

This latest victory in the fight against spam is significant for several reasons including:

  • While Kelihos is not as big as Waledac or Rustock were, 3.8 billion spam messages a day is a big number.
  • This is the first time defendants were named and served legal notices on the same day that their servers were taken offline.
  • Kelihos shares significant amounts of code with Waledac, indicating that they were either developed by the same author(s) or that Kelihos was adapted from Waledac.

It also underscores the continuing need for antivirus software at the gateway and on every workstation, as well as anti-spam software for every mailbox. Consider that the Kelihos botnet controlled tens of thousands of computers. The owners of these systems didn’t willingly sign on to generate billions of spam messages each day. They were infected by malware.

If they had been running antivirus software with up-to-date definitions, they probably wouldn’t have been infected. Not all of these infected machines were home computers either. Web filtering software on the company network could have prevented corporate computers from being taken over.

And even with 3.8 billion fewer spam messages hitting our mail servers daily, there are still billions more trying to flood our inboxes. Implementing anti-spam software on the email server, or using an online filtering service, is a critical requirement for any administrator managing an organization’s email security strategy.

David Kelleher is Communications and Research Analyst at GFI Software.