STE WILLIAMS

Anonymous hackers leak Scotland Yard-FBI conference call

Members of Anonymous have released an intercept of a conference call between investigators at the FBI and Scotland Yard during which operations against the hacktivist group were discussed.

During the 17-minute call – which was released as an MP3 file and distributed on YouTube and elsewhere – investigators can be heard discussing various Anonymous and LulzSec-related cases. Information discussed in the call reportedly included details of evidence against suspects (sometimes referred to by their hacker handles), plans for legal action and court dates. The hacktivist group also published what it said was an FBI email detailing the addresses of invited call participants: 40 law enforcement officials in the UK, US, France, Ireland, The Netherlands and Sweden.

It is unconfirmed how the 17 January call was intercepted, but the “leaked email” includes the time, dial-in number and access code, so it could be that members of the group simply dialled in and recorded the call directly. That is the weakness of a conference bridge protected only by a static access code: possession of the invitation is the whole credential, and unless the host checks who has joined against the invite list, an extra silent participant is unlikely to be noticed.

The FBI confirmed the leak, saying the information “was intended for law enforcement officers only and was illegally obtained,” AP reports. The agency has reportedly launched an investigation into the leak, the BBC adds.

Meanwhile, a Met spokesman said:

We are aware of the video which relates to an FBI conference call involving a PCeU [Police Central e-Crime Unit] representative.

The matter is being investigated by the FBI.

At this stage no operational risks to the MPS have been identified; however we continue to carry out a full assessment. We are not prepared to discuss (this) further.

The interception of the conference call is a serious operational security breach, especially because it affects an ongoing high-profile investigation, and is a major coup for the rag-tag hacktivist collective.

A Twitter account linked to Anonymous – AnonymousIRC – boasted:

The #FBI might be curious how we’re able to continuously read their internal comms for some time now. #OpInfiltration.

Hints that hackers may have had an inside track on police investigations into their activities came late last month when “Anonymous Sabu” (leader of the LulzSec group) correctly predicted the postponement of the trial of Jake Davis, an alleged member of LulzSec, F-Secure notes.

The cases against Jake Davis (allegedly “Topiary”, the public face of the Anonymous and LulzSec hacktivist groups) and Ryan Cleary (who is alleged to have run a DDoS attack on the Serious Organised Crime Agency’s website) are discussed during the conference call.

Additional security commentary on the incident can be found in a blog post by Sophos here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/03/anonymous_leaks_fbi_conference_call/

Biz urged to blast DNSChanger Trojans before safety net comes down

Half of all Fortune 500 companies still contain computers infected with the DNSChanger Trojan, weeks after an FBI-led takedown operation targeting the botnet’s command-and-control infrastructure.

DNSChanger changed an infected system’s domain name system (DNS) resolution settings to point towards rogue servers that redirected legitimate searches and URLs to malicious websites, earning cybercrooks kickbacks from click-fraud scams and scareware distribution rackets in the process. The FBI stepped in and dismantled the botnet’s command-and-control infrastructure in November.

The takedown operation – codenamed Operation Ghost Click – led to the arrest of six Estonian nationals, accused of manipulating millions of infected computers via DNSChanger. At its peak as many as four million machines were hijacked by the malware.

Rogue DNS servers were temporarily replaced by legitimate servers but nothing was done to disinfect pox-ridden PCs. That left organisations at a heightened risk of attack, not least because DNSChanger disables anti-virus software and security updates on infected machines.

A study by IID (Internet Identity), published on Thursday, found at least 250 of the Fortune 500 companies and 27 out of 55 major government entities had at least one computer or router on their network still infected with DNSChanger. The stats are drawn from data collected by IID’s ActiveKnowledge Signals system as well as information from other leading security and internet infrastructure outfits.

Darkness will fall

Barring further court actions, legitimate servers that were set up to replace rogue DNS servers will be deactivated on 8 March, 120 days after the initial takedown operation. Unless infected machines are fixed they will not be able to browse the web or send emails as normal after 8 March, once the plug is pulled on the replacement domain-name-to-IP-address-resolution servers upon which they currently rely.

Fortunately help is at hand through the ad-hoc DNSChanger Working Group and security firms such as Avira.

Avira has published a tool designed to allow users to see if their machines are infected with DNSChanger malware. The German firm, best known for its freebie security scanner software, has also released a free DNS-Repair tool so users can revert to the default settings of Windows with only a few clicks.
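Neither the Avira tool nor the working group’s checker is reproduced on this page. The following is an added example (not Avira’s or the DCWG’s code) of the check such tools perform: read the resolver addresses a host is actually configured to use and compare them against the rogue resolver ranges the FBI published alongside the Ghost Click takedown. The six ranges in the block are reproduced from that public advisory and should be verified against the working group’s site before being relied on; the resolv.conf and `ipconfig /all` snippets are constructed samples, not output from a real host.

```python
import ipaddress
import re

# Rogue resolver ranges published by the FBI with the Operation Ghost Click
# takedown (reproduced from the public advisory; verify against the DNS Changer
# Working Group before relying on them). The court-ordered replacement servers
# answer on these same addresses, so a hit means "still infected" even if name
# resolution currently works.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",   # 85.255.112.0  - 85.255.127.255
    "67.210.0.0/20",     # 67.210.0.0    - 67.210.15.255
    "93.188.160.0/21",   # 93.188.160.0  - 93.188.167.255
    "77.67.83.0/24",     # 77.67.83.0    - 77.67.83.255
    "213.109.64.0/20",   # 213.109.64.0  - 213.109.79.255
    "64.28.176.0/20",    # 64.28.176.0   - 64.28.191.255
)]

# Dotted-quad IPv4 literal not embedded in a longer dotted token.
_IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def extract_resolvers(config_text):
    """Return IPv4 resolver addresses from resolv.conf text or `ipconfig /all` output.

    Understands "nameserver X" lines and the Windows "DNS Servers . . : X" line,
    including the unlabelled indented continuation lines ipconfig prints when an
    adapter has more than one resolver. IPv6 resolvers are ignored.
    """
    servers = []
    in_dns_block = False
    for line in config_text.splitlines():
        stripped = line.strip()
        lowered = stripped.lower()
        if lowered.startswith("nameserver"):
            servers += _IPV4.findall(stripped)
            in_dns_block = False
        elif "dns servers" in lowered:
            servers += _IPV4.findall(stripped)
            in_dns_block = True
        elif in_dns_block and line.startswith(" ") and ":" not in stripped:
            # continuation line: extra server, no label, no colon
            servers += _IPV4.findall(stripped)
        else:
            in_dns_block = False
    return servers


def rogue_resolvers(config_text, ranges=ROGUE_DNS_RANGES):
    """Return (address, matching_range) for every configured resolver in a rogue range."""
    hits = []
    for server in extract_resolvers(config_text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            continue
        for net in ranges:
            if addr in net:
                hits.append((server, str(net)))
                break
    return hits


# Constructed samples (not captured from a real machine).
SAMPLE_RESOLV_CONF = """\
# constructed sample resolv.conf
nameserver 85.255.112.34
nameserver 8.8.8.8
"""

SAMPLE_IPCONFIG = """\
   Connection-specific DNS Suffix  . : example.test
   DNS Servers . . . . . . . . . . . : 64.28.180.9
                                       1.1.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, text in (("resolv.conf", SAMPLE_RESOLV_CONF), ("ipconfig", SAMPLE_IPCONFIG)):
        hits = rogue_resolvers(text)
        print(f"{name}: {'INFECTED ' + str(hits) if hits else 'clean'}")
```

On a live host, feed the function the contents of `/etc/resolv.conf` or the output of `ipconfig /all`; remember to check the router too, since the malware also rewrote the DNS settings of home gateways, and a clean PC behind a poisoned router is still sending every lookup to the rogue range.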

Sorin Mustaca of Avira explained the importance of taking action now, rather than waiting for possible problems to appear next month.

“If your computer was infected at some point in time and it was using one of the DNS servers which are now controlled by the FBI, after March 8, it will no longer be able to make any DNS requests through these servers,” he said. “In layman’s terms, you will no longer be able to browse the web, read emails and do everything you usually do on internet. So, it is mandatory that the DNS settings of the computer are restored to their original state.”

More information on how to clean up infected machines before time runs out can be found at the DNS Changer Working Group website. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/03/dnschanger_trojan_clean_up/

Mother charged with selling fake Facebook stock

A Wisconsin woman has been charged over claims she tried to sell $1m worth of Facebook shares that she didn’t own.

Prosecutors said that Marianne Oleson had told friends that she received the shares because her daughter knew Mark Zuckerberg, and managed to persuade a few different people to take the fake stock off her hands.

Oleson is facing 31 charges in relation to the fake Facebook shares, including theft, forgery and making misleading statements.

Unfortunately, during the investigation, the cops said they also found marijuana growing in her sun room, adding three more drug-related charges to the criminal complaint.

Local news site Fox 11 cited the complaint as alleging that one of Oleson’s victims had been a contractor who worked on her house. According to the complaint, when Oleson wasn’t able to pay him for his building work, she offered him $18,000 worth of the ‘stock’ in payment. To add insult to injury, the complaint continued, she also managed to persuade him to give her an additional $10,000 for more of the shares.

“I’m interested in my options and investments so you don’t have to work as hard and make it a lot easier money for my kids and family,” contractor Randy Stafford said.

But Stafford realised something wasn’t right with the documents she gave him, so he went to the police.

The complaint lists four other people who had either bought the fake stock from Oleson, or had received some from her as a gift. The four people listed included her daughter, who allegedly received the shares as a Christmas present.

According to The Northwestern, a newspaper in Oleson’s hometown of Oshkosh, she didn’t hand over any fake stock certificates, but gave her customers falsified share subscription documents.

She was able to fake these because of an original document she got from Gignesh Movalia, owner of a Florida-based investment management firm that owns 65,000 shares in Facebook, the newspaper said.

Movalia told the cops that Oleson had said she was interested in buying $1m worth of the stock from his firm, so he sent her a copy of a share subscription agreement from his company. She then got back in touch and told him she was no longer interested.

Oleson is due in Winnebago County Court on 9 February for a preliminary hearing. Her bail was set at $50,000. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/03/woman_charged_with_selling_fake_facebook_shares/

Satellite phones lift skirt, flash cipher secrets at boffins

Researchers at the Ruhr-University Bochum have managed to extract the secret encryption algorithms used by satellite phones, and discovered that they are a lot less secure than one might hope.

Benedikt Driessen and Ralf Hund analysed firmware updates for popular satellite handsets to extract the ciphers used by the Thuraya and Inmarsat networks, which belong to the GMR-1 and GMR-2 standards respectively. The first cipher turned out to be a variant of the already-broken A5/2 cipher on which GSM used to depend; GMR-2 hasn’t yet been attacked but the researchers reckon it wouldn’t be particularly difficult to break.

Modern security systems, including SSL and current GSM networks, use published ciphers which are open to general scrutiny, but there was a time when it was considered better to keep the method by which data is encrypted secret as an additional barrier to the attacker.

That time is now well past – it’s become obvious that attackers can identify secret ciphers, and the lack of public analysis made for much weaker ciphers which were subsequently broken. GSM, for example, used secret ciphers which turned out to have exploitable weaknesses, so has now (in most places) shifted to the A5/3 cipher, which is widely published, tested and has proved resistant to assault.

But satellite systems haven’t moved on as quickly, and the researchers’ job was made easier by the short production run of satellite handsets. GSM cryptography is almost all done in hardware, because the sheer number of GSM phones makes it economical to fabricate specialist silicon for the job; satellite phones do the same work in software, so the ciphers can be lifted straight out of firmware updates.

The Cryptanalysis blog has a detailed writeup of the attack – but, in summary, phones on the Thuraya and Inmarsat networks aren’t as secure as they appeared to be yesterday, and anyone hoping for secure communications should be using end-to-end cryptography from Cryptophone, Cellcrypt or similar. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/03/satellite_phone_hack/

Apple FileVault cracked in under an hour by forensics biz

Apple’s FileVault disk encryption can be circumvented in less than an hour, according to a computer forensics firm.

Passware claims the latest version of its toolkit (Passware Kit Forensic v11.3) can also unlock volumes encrypted using TrueCrypt, disk encryption software that ranks alongside PGP as the choice of privacy-conscious computer users, human rights activists and others.

Technology from Passware is reportedly capable of capturing the content of a Mac machine’s memory, via the FireWire interface, before extracting encryption keys from the captured image. Passware’s software previously included the ability to extract Mac passwords as well as the capability to bypass the BitLocker encryption built into later versions of Windows.

Cracking Mac OS X Lion’s FileVault encryption using the technology requires physical access to a targeted machine and a working FireWire port, so it’s not much use for remote hack attacks. The keys are only there to be captured while they are held in RAM: the encryption keys of a password-protected machine cannot be extracted unless the machine is turned on with the encrypted volume already unlocked.

If an attacker can get hold of a machine that’s already switched on or where no password protection is applied then the full key extraction process “takes no more than 40 minutes – regardless of the length or complexity of the password,” Passware claims.

Passware Kit Forensic v11.3 is capable of recovering hashed passwords with rainbow tables and extracting passwords from encrypted Mac keychain files as well as building a password list for its dictionary attack (based on the words detected in a computer memory). It can also recover Mac login passwords but only if a machine is actually turned on at the time it is seized.
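The page does not say how Passware locates keys once it has a memory image. The block below is an added example, not Passware’s code, of the standard technique that live-memory key extraction of this kind rests on: an AES key in use sits in RAM next to its expanded key schedule, and each round key is derived deterministically from the one before it, so any 16-byte window can be checked against the 160 bytes that follow it and the key found without ever touching the password (the approach Halderman et al. published for cold-boot attacks). The S-box is generated rather than typed in, the schedule is AES-128 (AES-256 is the same check with a 240-byte schedule), and the “memory image” is a constructed buffer with one schedule planted in random filler, not a real capture.

```python
import random


def _xtime(b):
    """Multiply b by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b


def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF


def _build_sbox():
    """Generate the AES S-box (GF(2^8) inverse, then the affine map) by walking
    the multiplicative group with generator 3, keeping p * q == 1 throughout."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p ^= _xtime(p)                      # p *= 3
        q ^= q << 1                         # q /= 3  (i.e. q *= 0xF6)
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                          # zero has no inverse
    return sbox


SBOX = _build_sbox()


def expand_key_128(key, sbox=None):
    """Return the 176-byte AES-128 key schedule (11 round keys) for a 16-byte key."""
    sbox = sbox or SBOX
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [sbox[b] for b in t[1:] + t[:1]]   # SubWord(RotWord(t))
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(b for word in w for b in word)


def find_aes128_keys(mem, sbox=None):
    """Scan a memory image for AES-128 key schedules; return (offset, key) pairs.

    A 16-byte window is accepted as a key only if the 160 bytes after it equal
    that key's expanded schedule. Random data fails at the first derived word,
    so the scan costs a few table lookups per offset."""
    sbox = sbox or SBOX
    found = []
    for off in range(0, len(mem) - 176 + 1):
        key = mem[off:off + 16]
        # Prefilter: derive only w[4] = w[0] ^ SubWord(RotWord(w[3])) ^ Rcon[1].
        t = [sbox[b] for b in key[13:16] + key[12:13]]
        t[0] ^= 1
        w4 = bytes(a ^ b for a, b in zip(key[0:4], t))
        if mem[off + 16:off + 20] != w4:
            continue
        if expand_key_128(key, sbox) == mem[off:off + 176]:
            found.append((off, bytes(key)))
    return found


def build_sample_image(key, size=4096, seed=7, plant_at=1234):
    """Constructed stand-in for a RAM capture: seeded random filler with one
    expanded schedule planted, the way a mounted volume's key sits in memory."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[plant_at:plant_at + 176] = expand_key_128(key)
    return bytes(buf), plant_at


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 sample key
    image, _ = build_sample_image(key)
    for off, k in find_aes128_keys(image):
        print(f"AES-128 key schedule at offset {off:#x}: key {k.hex()}")
```

This is why Passware can say recovery time is independent of password length: the password only ever protects the key at unlock time, and once the volume is mounted the key is in RAM in the clear. It also shows the defence: the key exists only while the machine is running with the volume unlocked, so a powered-off machine (not merely a locked one) gives a FireWire memory grab nothing to find.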

“Full disk encryption is becoming a major obstacle for digital investigations,” said Dmitry Sumin, Passware president, in a statement (PDF). “The latest version of Passware Kit Forensic offers multiple approaches to overcoming this problem, such as live memory analysis and extraction of encryption keys for BitLocker, TrueCrypt, and FileVault. This means forensic experts are better armed to approach investigative challenges with an effective and efficient solution that significantly reduces decryption time and thus allows investigators to focus on data analysis.”

Passware is marketing its technology to law enforcement agencies and governments. Well-heeled blackhats prepared to fork out $1,000 would equally be able to get access to the software, which refines existing password-extraction techniques rather than creating a new class of exploit.

More commentary on the hack can be found in a post on Sophos’s Naked Security blog here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/03/apple_disc_crypto_broken/

‘We’re totally in LA pissing people off’

Quotw This was the week when Facebook finally filed for its IPO.

The social network is hoping for a feeding frenzy for its shares that will net the firm $5bn, but there’s some concern that Facebook could be overvalued, despite the Zuck’s attempts to keep a lid on any bubble-like formations.

And while Facebook’s filing is a little bit vague when it comes to figures about how many people are actually using it – and being exposed to ads in the process – and for how long they are using it, the social network isn’t shirking its new SEC guidelines about admitting to cyber attacks.

In fact, as Zuck tells his bitches users, it’s all about making the world a better, more informative place, and if he happens to make billions and billions of dollars by ramming ads into every available corner of the site, that’s just incidental.

This was also the week when Apple was defending itself against accusations of generally awful behaviour with regards to its supplier factories in China. A piece in the New York Times was graphic in its description of an explosion at an iPad factory, so Apple refused to comment, but chief Tim Cook sent an email around to Apple employees about how much the fruity firm cares. And somehow, that presumably private internal email got leaked to the media:

We care about every worker in our worldwide supply chain. Any accident is deeply troubling, and any issue with working conditions is cause for concern. Any suggestion that we don’t care is patently false and offensive to us.

It’s difficult to believe any Apple employee actually leaked the mail without permission, since this week also brought new evidence that the Jesus-mobe-maker is paranoid in the extreme about staff loyalty.

A new book about the company written by Adam Lashinsky cites a former employee as saying that new staff members were sometimes given fake projects or dummy positions until it could be established that they were trustworthy. Another ex-employee then told Lashinsky in a Q&A session on LinkedIn promoting the book:

A friend of mine who’s a senior engineer [at Apple], he works on – or did work on – fake products I’m sure for the first part of his career, and interviewed for nine months.

And no Appley week would be complete without a rumour, which was brought to us this week by Amazon France. The bookseller has some books about the iPad 3 slated for release in March, coincidentally the previously rumoured launch month for the latest fondleslab.

Three people familiar with the product have already been whispering to Bloomberg that the iPad 3 was a springtime tablet and that it would be pimped up with some new stuff, including a better display and processor. One of the leakers said:

Apple is bringing LTE to the iPad before the iPhone, because the tablet has a bigger battery and can better support the power requirements of the newer technology.

Meanwhile, the Megaupload saga trundled on with concerns for users’ data, which had been subpoenaed by the Feds, but was in danger of being deleted after they were done with it.

The US attorney’s office said it had finished its probe of the confiscated servers, outsourced to two companies in Virginia. But Megaupload lawyer Ira Rothken said that since the law had also frozen the firm’s assets, the company could no longer afford to pay the hosting companies for the server space.

Luckily, the Electronic Frontier Foundation was on the case, saying:

[The EFF is] troubled that so many lawful users of Megaupload.com had their property taken from them without warning

The foundation has set up a website to try to get legitimate data back to its users, but server-owner Carpathia has said it has no direct access to the data, so content-holders may still have to rely on the Feds to get their info back.

In California, Google was busily giving a new definition to the word irony as it tried to inform everyone about the new changes to its privacy policy. Unfortunately, in the process it also managed to invade the privacy of some of its corporate customers. In the UK, both Virgin Media and Sky users were surprised to find that the Chocolate Factory had their email addresses and was letting them know directly about a privacy policy that didn’t apply to them.

Sky had the goodness to email its customers as well, explaining:

We understand that you may have recently received an email to this address from Google with the subject title: ‘Changes to Google Privacy Policy and Terms of Service’. We’d like to apologise for any confusion this email may have caused. It was sent in error and should be ignored.

The week also brought a new twist in the Great Patent Wars, with the European Commission announcing the launch of a formal investigation of Samsung over its use of standards-related 3G patents as ammo in its IP lawsuits.

As they’re used for the 3G standard, the patents are supposed to be licensed on FRAND terms, not used to bully rivals into submission.

The European Commission has opened a formal investigation to assess whether Samsung Electronics has abusively, and in contravention of a commitment it gave to the ETSI, used certain of its standard essential patent rights to distort competition in European mobile device markets, in breach of EU antitrust rules.

Research in Motion didn’t come out of the week looking too good. The beleaguered firm released a pointless statement of the obvious in the form of the conclusions of the governance review that found that the firm shouldn’t have CEOs who are also chairs of the board. It was a bit late for such statements though, considering the shareholders had been narking at the board on the issue for seven months and RIM had actually already removed Mike Lazaridis and Jim Balsillie as co-chief execs/chairmen. The review said:

The committee believes that appointing an independent chair is the appropriate solution for RIM shareholders and will resolve the issue for RIM and its employees and business partners.

Which happened in the same week RIM let loose some exquisitely poorly planned marketing in the form of its “Bold Team” of superheroes, who induced a high level of abuse and ridicule on the internet.

Legions of Twitterati took to the ‘net to brand the Bold Team – composed of GoGo Girl (The Achiever), Max Stone (The Adventurer), Justin Steele (The Advocate) and Trudy ForReal (The Authentic) – as deeply moronic. The BlackBerry-maker later attempted to dismiss the heroes as nothing more than a “fun infographic”, but couldn’t quite escape the shame of having a female superhero who saves the day with “a brilliant strategy, a smile, or a spatula”.

Many tweets pulled no punches, such as:

RIM should just sell its IP and gracefully close. Because they’re morons, and their products marketing suck ass

or:

The horror

And finally, Twitter did no favours for two Brits hoping to have a madcap American holiday.

The pair of tweeting tourists were given the third degree by Homeland Security and kept in the cells overnight, before being deported from the country, all because of what they claimed were some jokey tweets.

Hapless holidaymaker Leigh Van Bryan, 26, had posted a number of tweets about how he and mate Emily Bunting, 24, were going to be living it large in LA, which alerted the authorities to their terrorist potential before they even landed.

He tweeted:

3 weeks today, we’re totally in LA pissing people off on Hollywood Blvd and diggin’ Marilyn Monroe up!

and

Free this week, for quick gossip/prep before I go and destroy America.

Unfortunately, the Feds did not believe their claims that the tweet about Marilyn was a quote from Family Guy and “destroy” meant get drunk and party. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/03/quotw_ending_february_3/

Verisign admits 2010 hack attack, mum on what was nicked

Verisign has admitted in an SEC filing that it suffered numerous data breaches in 2010, but that management wasn’t informed by staff for nearly a year after they occurred.

In the 10-Q filing, the company said that it suffered multiple data breaches during 2010, and that data was stolen. Exactly what is missing the company isn’t saying, although it believes it was unrelated to the company’s DNS servers. Senior management weren’t told of the attacks until September 2011, the filing claims, but security reporting procedures have since been revamped.

“The Company’s information security group was aware of the attacks shortly after the time of their occurrence and the group implemented remedial measures designed to mitigate the attacks and to detect and thwart similar additional attacks,” the filing reads.

“However, given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information. In addition, although the Company is unaware of any situation in which possibly exfiltrated information has been used, we are unable to assure that such information was not or could not be used in the future.”

The company doesn’t say in the filing if the attacks were related to the wave of corporate hacks around that time, thought to originate from China, which took down some of the biggest names in the business, or if they are related to the attack on RSA’s SecurID system.

Symantec, which bought Verisign’s security business in 2010 for $1.28bn, told The Register that it was confident that the security services were not compromised in the attack.

“Symantec takes the security and proper functionality of its solutions very seriously,” said the company in an emailed statement. “The Trust Services (SSL), User Authentication (VIP) and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the Verisign quarterly filing.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/02/verisign_hacking_attack/

Met’s email hack probe turns spotlight on The Times

Scotland Yard officers investigating allegations of computer hacking by News International staff have declined to “give a running commentary” on their probe, batting away MP Tom Watson’s narration of the saga.

The Labour backbencher and member of the culture, media and sport select committee had said earlier on Twitter:

The Met police have confirmed to me they are investigating @rupertmurdoch‘s newspaper The Times over email hacking.

Watson wrote to Met deputy assistant commissioner Sue Akers on 23 January urging cops to look into accusations of computer misuse at The Thunderer, which is published by Murdoch’s News International.

Scotland Yard gave The Register this statement:

Officers from Operation Tuleta are in contact with Mr Watson in relation to specific issues he wishes to raise. We are not prepared to give a running commentary on the Operation Tuleta investigation.

One man has been arrested by the Met team working on Operation Tuleta, an investigation into alleged breaches of privacy including computer hacking. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/02/email_hack_allegations_times/

Facebook warns investors of potential SPAM DELUGE

Facebook has been the first internet company to baldly state the risks it faces from hacking and spam to the markets since the SEC issued guidance on the issue.

In October last year, the US Securities and Exchange Commission told publicly listed companies that it was about time they talked about the cyber-attacks they had suffered, particularly because online mischief could financially damage their products.

One of the basic rules of listing on a stock market is that firms have to make their financial comings and goings public so that investors can make (relatively) informed decisions about whether or not to buy their shares. But up until last year, there was no push in the US for companies to ‘fess up when they’d been hacked.

Now the SEC says:

Registrants should address cybersecurity risks and cyber incidents in their MD&A [management discussion and analysis] if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect on the registrant’s results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition.

Facebook’s widely anticipated IPO, for which the social network hopes to net a cool $5bn, is the first to actually use the words “hacking” and “spam” in their list of risk factors for investing in the firm.

“Computer malware, viruses, and computer hacking and phishing attacks have become more prevalent in our industry, have occurred on our systems in the past, and may occur on our systems in the future,” the company’s filing stated. “Because of our prominence, we believe that we are a particularly attractive target for such attacks.”

Facebook naturally hedges its bets a bit by saying that it’s not easy to say what damage an attack may do, but admits “any failure to maintain performance, reliability, security, and availability of our products and technical infrastructure to the satisfaction of our users may harm our reputation and our ability to retain existing users and attract new users”.

Moving onto the pesky issue of spam, the social network said that spam could embarrass or annoy its users and make the site less user-friendly.

“We cannot be certain that the technologies and employees that we have to attempt to defeat spamming attacks will be able to eliminate all spam messages from being sent on our platform. As a result of spamming activities, our users may use Facebook less or stop using our products altogether,” the filing added.

Although Facebook is the first of the big web boys to talk so openly about hacking in its initial filing, most internet firms make some nod to the inherent dangers of doing business online.

All the way back in 2004, when Google was entering the stage, it listed “malicious third-party applications” among its risks for initial investors.

“Our business may be adversely affected by malicious applications that make changes to our users’ computers and interfere with the Google experience,” the Chocolate Factory said.

“These applications have in the past attempted, and may in the future attempt, to change our users’ internet experience, including hijacking queries to Google.com, altering or replacing Google search results, or otherwise interfering with our ability to connect with our users.”

And more recently, when LinkedIn filed to go public in January last year, it said: “If our security measures are compromised, or if our website is subject to attacks that degrade or deny the ability of members or customers to access our solutions, members and customers may curtail or stop use of our solutions.”

But not all of the stock market entrants have been so forthcoming. Groupon, which had its delayed IPO in November, but filed with the SEC in June, listed almost every risk imaginable including their vulnerability to “earthquakes, other natural catastrophic events or terrorism”, but made no mention of hacking.

The daily deals site did say it is dependent on good network infrastructure – where it mentions viruses and security – and good “internet infrastructure” – under which heading it mentions “viruses, worms, malware and similar programs [that] may harm the performance of the internet”.

“The backbone computers of the internet have been the targets of such programs,” the filing added, which rather made it seem like Groupon could only break if the whole internet was broken.

High-profile attacks on big firms and bodies like Sony, Citigroup and the US Air Force in the last few years brought hacking into the public consciousness and prompted a lot of governmental scrutiny.

The SEC issued its new guidance after US Senator Jay Rockefeller asked the commission to look into the issue.

“Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark,” he said.

When the commission issued the guidance, it warned that companies had “increasing dependence on digital technologies to conduct their operations” so the risks associated with cybersecurity had also increased “resulting in more frequent and severe cyber incidents”. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/02/facebook_hacked_before/

Kelihos botnet BACK FROM THE DEAD

The spam-spewing Kelihos botnet has returned from the dead.

Microsoft collaborated with Kaspersky Lab to run a successful takedown operation last September. The takedown decapitated the botnet by shutting down command-and-control server nodes, directing the bots on infected computers to contact a server under the control of security researchers, rather than one controlled by the attackers.

In the case of the Kelihos peer-to-peer botnet, Kaspersky researchers pushed out a new peer address, which the existing infected PCs began polling for new instructions.

This “sink-holing” action meant that compromised machines in the network were no longer receiving instruction and spam templates every time they “phoned home” to command nodes. Even so the machines were still infected and left with an open back door that might be exploited by cybercrooks. A deliberate decision was taken NOT to patch infected machines, a problematic process that’s illegal in some countries. Instead it was left to users to fix the security on their compromised machines.

Almost inevitably many didn’t bother.

Over time miscreants have used the botnet’s complex back-channel network of proxy servers to regain control of compromised machines. These machines have been infected with a new variant of Kelihos that uses modified encryption schemes and algorithms to mask communication. Two different keys are being used, suggesting that more than one gang is controlling the botnet, according to a new analysis by Maria Garnaeva, a security researcher with Kaspersky Lab.

“As you can see, two different RSA keys are used within a tree which makes us think that probably two different groups are in possession of each key and are currently controlling the botnet,” Garnaeva explains.

“Our investigation revealed that the new version appeared as early as September 28, right after Microsoft and Kaspersky Lab announced the neutralisation of the original Hlux/Kelihos botnet,” she added.

At its peak, Kelihos spewed out as many as 4 billion junk mail messages, spam-vertised unlicensed pharmaceuticals, stock scams and other tat from around 45,000 malware-infected zombie PCs. Current spam levels are nowhere near this bad, even though they still pose a problem.

The reappearance of spam from the botnet underlines that sinkholing alone is not effective in killing off botnets. Security experts knew this even at the start. Garnaeva suggests that only patching infected machines or taking botnet controllers out of circulation would be truly effective.

Last week Microsoft filed an amended lawsuit alleging that a Russian national was involved in both creating the original Kelihos malware and running the botnet network. Andrey Sabelnikov of St Petersburg, a software developer and former employee at two Russian security firms, denies any wrongdoing. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/02/kelihos_botnet_returns/