Microsoft neutralizes Kelihos botnet, names defendant in case


Botnet: Kelihos
Operation/Working group: Operation b79
Date: 2011 / 27 Sep 2011
Editor/Conference: Microsoft
Link: blog/archive/2011/09/27/microsoft-neutralizes-kelihos-botnet-names-defendant-in-case.aspx (Archive copy)
Author: Richard Domingues Boscovich


Building on the recent successes of the Rustock and Waledac botnet takedowns, I’m pleased to announce that Microsoft has taken down the Kelihos botnet in an operation codenamed “Operation b79” using similar legal and technical measures that resulted in our previous successful botnet takedowns.

Kelihos, also known by some as “Waledac 2.0” given its suspected ties to the first botnet Microsoft took down, is not as massive as the Rustock spambot. However, this takedown represents a significant advance in Microsoft’s fight against botnets nonetheless. This takedown will be the first time Microsoft has named a defendant in one of its civil cases involving a botnet and as of approximately 8:15 a.m. Central Europe time on Sept. 26th, the defendants were personally notified of the action.

The Kelihos takedown is intended to send a strong message to those behind botnets that it’s unwise for them to simply try to update their code and rebuild a botnet once we’ve dismantled it. When Microsoft takes a botnet down, we intend to keep it down – and we will continue to take action to protect our customers and platforms and hold botherders accountable for their actions.


 @misc{2011BFR958,
   editor = {Microsoft},
   author = {Richard Domingues Boscovich},
   title = {Microsoft neutralizes Kelihos botnet, names defendant in case},
   date = {27},
   month = Sep,
   year = {2011},
   howpublished = {\url{}},