Microsoft fails to credit Kelihos takedown partner

Kaspersky Lab security experts are telling their side of the story on company blogs

Microsoft grabbed headlines Wednesday with its report about the successful takedown of the Kelihos botnet, but while the company detailed the achievements of its Digital Crimes Unit, it failed to mention the major role security firm Kaspersky Lab played in the operation.

Microsoft's Kelihos takedown announcement centered on the fact that its specialized team of lawyers succeeded in naming defendants in a botnet-related federal court complaint for the first time -- such cases usually involve unknown parties.

The named defendants were Alexander Piatti and his Czech-based company dotFREE Group SRO, which operated a second-level domain (SLD) registration service in the .cz.cc name space. This service was abused by the botnet's operators to set up hosts for their control infrastructure. A temporary restraining order was obtained by the Digital Crimes Unit in the U.S. District Court for the Eastern District of Virginia, forcing VeriSign to suspend the cz.cc domain.

Microsoft did not disclose any technical details about how Kelihos was hijacked from its original operators because Kaspersky Lab handled that part of the operation. The security company's experts explained Thursday in a lengthy blog post how they took control of the botnet, but they probably didn't appreciate being left out of the story in the first place.

"Hey @msftmmpc [Microsoft Malware Protection Center] why didn't u mention all truth about Hlux/Kelihos botnet taking down?" Dmitry Bestuzhev, head of Kaspersky Lab's global research and analysis team for Latin America, wrote on Twitter.

"Kaspersky Lab played a critical role in this botnet takedown initiative, leading the way to reverse-engineer the bot malware, crack the communication protocol and develop tools to attack the peer-to-peer infrastructure," said Tillmann Werner, a senior virus analyst with Kaspersky in Germany. "We worked closely with Microsoft's Digital Crimes Unit (DCU), sharing the relevant information and providing them with access to our live botnet tracking system," he added.

Even the antivirus vendor's co-founder and CEO, Eugene Kaspersky, linked to his company's blog post with the message: "The flipside of the Microsoft's takedown of Kelihos (Hlux) botnet."

Kaspersky Lab currently operates the only server to which computers infected with this malware connect, which effectively puts it in control of the botnet. The company has the resources to keep this so-called sinkhole operational for a long time, but the end goal is to reduce Kelihos' size as much as possible.

Sending commands to clean the infected systems remotely would be illegal in most countries, so this won't be an easy task. Microsoft has added detection for the Kelihos malware family to its Malicious Software Removal Tool (MSRT), which is distributed to computers worldwide via Windows Update, but the effects have yet to show.
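Running a sinkhole produces one concrete defensive artefact: a log of which infected machines still check in, which is the only lawful way to watch the botnet shrink as cleanup tools such as MSRT do their work. The script below is an added example, not code from the article or from Kaspersky Lab or Microsoft. It assumes a hypothetical sinkhole log format of one line per inbound bot connection (ISO-8601 timestamp, source IP, a per-bot identifier); the real Kelihos protocol is not described on this page, and the log lines are constructed.

```python
"""Track the remaining population of a sinkholed botnet from its connection log.

Added example, not part of the original article or any vendor tooling.
Assumes a hypothetical sinkhole that writes one line per inbound bot
connection as "<ISO-8601 timestamp> <source IP> <bot id>".
"""
from collections import defaultdict
from datetime import date
from ipaddress import ip_address

# Constructed sample log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
2011-09-29T10:00:01Z 203.0.113.10 ab01
2011-09-29T10:00:07Z 198.51.100.4 ab02
2011-09-29T11:30:00Z 203.0.113.10 ab01
2011-09-29T12:00:00Z 192.0.2.77 ab03
2011-09-30T09:15:00Z 203.0.113.10 ab01
2011-09-30T09:16:00Z 192.0.2.77 ab03
2011-10-01T08:00:00Z 192.0.2.77 ab03
garbage line that should be skipped
"""


def parse_line(line):
    """Return (day, ip, bot_id) for a well-formed line, or None otherwise."""
    parts = line.split()
    if len(parts) != 3:
        return None
    ts, ip, bot_id = parts
    try:
        day = date.fromisoformat(ts[:10])
        ip_address(ip)  # reject junk that is not a valid address
    except ValueError:
        return None
    return day, ip, bot_id


def population_per_day(log_text):
    """Distinct bots seen per calendar day.

    Keyed on the (assumed) bot identifier rather than the source IP, so
    NAT gateways and dynamic addressing neither merge nor multiply bots.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        day, _ip, bot_id = rec
        seen[day].add(bot_id)
    return {d: len(ids) for d, ids in sorted(seen.items())}


def cleanup_progress(counts):
    """Percentage drop from the first day's population to the last day's."""
    if not counts:
        return 0.0
    first, last = counts[min(counts)], counts[max(counts)]
    return round(100.0 * (first - last) / first, 1)


if __name__ == "__main__":
    counts = population_per_day(SAMPLE_LOG)
    for day, n in counts.items():
        print(day.isoformat(), n)
    print(f"reduction since first day: {cleanup_progress(counts)}%")
```

Counting by bot identifier rather than IP address matters for the "has cleanup worked?" question: a single NAT gateway can hide dozens of infected hosts behind one address, while one dial-up host can appear under a different address every day.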

The software giant claims that not crediting Kaspersky Lab in its original announcement was the result of poor communication between the two companies. "Due to an unfortunate miscommunication between Microsoft and Kaspersky prior to the announcement, Microsoft was operating under the belief that it was Kaspersky's desire to not be proactively mentioned in the announcement --- as some partners commonly request and which we understand and respect given the sensitivity of these situations," said Richard Boscovich, a senior attorney with the Microsoft Digital Crimes Unit.

"However, we were very glad to see Kaspersky subsequently come forward with their role in the operation, because we very much want to give them the credit they deserve. Their research and unique, in-depth insight into the botnet was invaluable in this case and we are grateful for their support and determination to make the Internet safer for everyone," he added.

Lucian Constantin
IDG News Service