As part of “Operation b79,” Microsoft has taken down the Kelihos botnet and pointed a finger at Dominique Alexander Piatti, its alleged operator, or at least its enabler. While Microsoft is not new to busting up botnets, the finger-pointing is a first. To clarify, by finger-pointing I mean that Microsoft has named Mr. Piatti as the defendant in an impending civil case regarding the botnet’s activities.
What were the botnet’s activities? Well, Piatti owned the cz.cc domain and sold an army of subdomains. While some of those subdomains appeared to have legitmate purposes, many of them where hosting malware, including MacDefender, a piece of scareware aimed towards Apple operating systems. Of course, like any good botnet, it also sent a whole lot of spam and created zombies for later use in DDoS attacks.
While Piatte may not be directly responsible for the actions taken by subdomains he’s sold, Microsoft is aiming to use this case as a precedent to show that domain holders shouldn’t be able to just hand out subdomains willy-nilly, close their eyes, stick their fingers in their ears, and pretend that no one is doing anything sketchy. Although Microsoft is trying to hold Piatte responsible to a certain extent, they are also doing their best to figure out which of Piatte’s subdomains are doing legitimate business so that they are not penalized for the sketchy behavior of other customers.
Microsoft hopes that, ultimately, this case will bring about increased connection between domain holders and subdomain holders. It seems to be the case that, at the moment, there are hardly any regulations in effect, which makes it exceedingly easy for domain holders to sell subdomains without having any idea what they are being used for. This not only makes it easier for the sketchier domain holder to feign ignorance, but also makes it easier for the naive domain holder to be had. The war against botnets has been and will continue to be long and hard, but hopefully this case can set a new precedent that’ll make it just a little bit harder to support botnets on purpose or by accident.
Have a tip we should know? [email protected]