Microsoft fails to credit Kelihos takedown partner

Kaspersky Lab security experts are telling their side of the story on company blogs

By Lucian Constantin, IDG News Service |  Security

Microsoft grabbed headlines Wednesday with its report about the successful takedown of the Kelihos botnet, but while the company detailed the achievements of its Digital Crimes Unit, it failed to mention the major role security firm Kaspersky Lab played in the operation.

Microsoft's Kelihos takedown announcement centered on the fact that its specialized team of lawyers succeeded in naming defendants in a botnet-related federal court complaint for the first time -- such cases usually involve unknown parties.

The named defendants were Alexander Piatti and his Czech-based company dotFREE Group SRO, which operated a second-level domain (SLD) registration service in the .cz.cc name space. This service was abused by the botnet's operators to set up hosts for their control infrastructure. A temporary restraining order was obtained by the Digital Crimes Unit in the U.S. District Court for the Eastern District of Virginia, forcing VeriSign to suspend the cz.cc domain.

Microsoft did not disclose any technical details about how Kelihos was hijacked from its original operators because Kaspersky Lab handled that part of the operation. The security company's experts explained Thursday in a lengthy blog post how they took control of the botnet, but they probably didn't appreciate being left out of the story in the first place.

"Hey @msftmmpc [Microsoft Malware Protection Center] why didn't u mention all truth about Hlux/Kelihos botnet taking down?" Dmitry Bestuzhev, head of Kaspersky Lab's global research and analysis team for Latin America, wrote on Twitter.

"Kaspersky Lab played a critical role in this botnet takedown initiative, leading the way to reverse-engineer the bot malware, crack the communication protocol and develop tools to attack the peer-to-peer infrastructure," said Tillmann Werner, a senior virus analyst with Kaspersky in Germany. "We worked closely with Microsoft's Digital Crimes Unit (DCU), sharing the relevant information and providing them with access to our live botnet tracking system," he added.

Even the antivirus vendor's co-founder and CEO, Eugene Kaspersky, linked to his company's blog post with the message: "The flipside of the Microsoft's takedown of Kelihos (Hlux) botnet."
