A joint statement published by Microsoft says: “Microsoft and St. Petersburg software programmer Andrey Sabelnikov have entered into a Settlement Agreement in the matter of Microsoft v. Sabelnikov.” The two parties have accepted that although Sabelnikov wrote code that was used by Kelihos, “the programmer is not the operator of the botnet or involved in its activities.” A confidential settlement agreement “resolves the dispute between the parties.”
Noticeably, Microsoft goes on to say that finding the code developer together with subsequent evidence has provided “important intelligence and data on how botnets are built and how cybercriminals are able to access the code used to build them.” This may be true, but Brian Krebs suggested back in January, when Microsoft first filed court papers against Sabelnikov, that he was not involved with the botnet operation. “Sabelnikov is likely only a developer of Kelihos,” wrote Krebs. “Rather,” he suggested, “the true coordinator of both Kelihos and Waledac is likely another Russian who is well known to anti-spam activists.”
The joint statement has been expected since last month. The Russian legal news service RAPSI reported on 11 September, “Microsoft recalled the lawsuit against Russian programmer Andrei Sabelnikov, who was accused of creating a major botnet, a source close to the proceedings told the Russian Legal Information Agency (RAPSI/rapsinews.com) on Monday. The parties have managed to reach an agreement on the settlement of the conflict, he said.”
Combined action from Microsoft, Kyrus Tech and Kaspersky Lab managed to shut down Kelihos. A separate botnet commonly described as Kelihos.c still exists, although there is some confusion over whether this is a new botnet or the remnants of the old Kelihos. Kelihos.c is thought to comprise around 70,000 infected computers. It spreads primarily through Facebook, seeking to trick users into downloading the Fifesoc trojan.