STE WILLIAMS

Expert to finger air steward commentards who ‘harassed’ pilot

A trade union has been ordered to let an independent expert examine its computer database to try to identify anonymous users of a forum it operated who allegedly defamed and harassed an airline pilot.

The High Court said its order was both necessary and proportionate and rejected claims made by the Unite union that the scope of the order was intrusive. Unite had claimed that the expert would be invading the privacy of its members by trawling through their “sensitive personal data” to look for the identifying information.

Manish Patel, a British Airways captain, had requested that Unite disclose the identities, home addresses and IP addresses of 42 anonymous users of the British Airlines Stewards and Stewardesses Association (BASSA) forum.

Unite had previously been ordered to conduct a “reasonable search” for the information on its systems, but had said the details had been deleted after the forum was shut down. However, the High Court said that staff at the trade union lacked expertise in IT and that an independent expert should be allowed to conduct their own search for the information.

The Court said that, before conducting their search, the independent expert will have to “give suitable undertakings” not to reveal any information uncovered during the search that is not relevant to the information being sought.

“An order for Norwich Pharmacal disclosure [a legal term which means the respondent must disclose certain documents or information to the applicant] has already been made, which obliged Unite to carry out a search for the information which Mr Patel needs,” the High Court said in its ruling. “There is reason to suppose that the search has not been thoroughly carried out, or has not been carried out with the degree of expertise which is necessary to ensure that it is effectively done.”

“It is relevant to take into account that the terms of conditions of the BASSA website warn members that BASSA reserves the right to disclose their true identities and other information, if requested by a third party, albeit subject to their rights of privacy and of data protection,” it said. “Moreover, without an order of the kind sought, it will certainly not be possible to identify those responsible for the arguable wrongs of which Mr Patel complains. I accept that even with such an order, their identification may not be achieved, but it certainly cannot be done without one”.

“It seems to me that the intrusiveness of the order proposed, particularly as regards innocent members who have not posted any of the material complained of, can be significantly reduced by ordering that the necessary work should be carried out by an independent expert appointed jointly by the parties, and that the expert should give suitable undertakings … to the effect that he should not disclose to Mr Patel or to any other person any information obtained in the course of his copying and examination of the BASSA database except information which identifies those responsible for the posts complained of or which explains why (if that be the case) they cannot be identified,” it said.

“On that basis, the order will in my judgment satisfy the requirement of proportionality, and the need to respect so far as possible the privacy and data protection rights of BASSA members,” the Court ruled.

Patel claims he was defamed and harassed by anonymous users on the BASSA forum. The users wrote that he was “unsafe to fly with,” lied, was “unfit to be a captain,” acted illegally and erratically, had been responsible for “the dismissal of innocent cabin crew” and been involved in police corruption, according to the ruling. Patel needs to be able to identify the users responsible for the comments if he wants to bring legal action against them, the ruling said.

Unite had previously been ordered to disclose the identities of the individuals behind the usernames but said it was impossible to find out who precisely had posted which messages. That was because BASSA forum members “could and apparently did” regularly swap or change usernames in order to prevent BA identifying them and because some of the data about usage of the site had been deleted after the forum was closed down last year, it said.

However, Patel argued that the information was recoverable and the High Court said that it was necessary and proportionate for an independent expert to look for it. In the UK, courts can issue what is called a Norwich Pharmacal Order to force the release of information.

Unite had claimed that the information contained on its database was “sensitive personal data” because Patel claimed the users had committed an offence under the Protection from Harassment Act.

Under the Data Protection Act extra protection must be given to sensitive personal data, which includes whether a person has committed or allegedly committed an offence. In his ruling the judge said that the information the independent expert may encounter could also be considered sensitive personal data because it would reveal the users’ identity as trade union members. Despite this, he ruled the search was legitimate.

Last summer the BASSA forum was closed following complaints Patel filed about the claims made about him. Unite had posted a “unilateral statement” on the site at the time of closure that said “many of the allegations” levelled at Patel were “unfounded”.

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/01/high_court_says_scrutinising_forum_database_isok/

Angry Birds boss: Piracy helps us ‘get more business’

Music industry chiefs must have been pleased to hear that the maker of pig-squishing iPhone game Angry Birds has learned from its mistakes in combating piracy.

Contrasting the music industry’s ignore-then-crush approach to piracy to his own softly-softly approach with Angry Birds, Rovio chief Mikael Hed told assembled music insiders at the Midem Music Conference in Cannes that things could have worked out better if they had only chilled out.

“We could learn a lot from the music industry, and the rather terrible ways the music industry has tried to combat piracy,” Hed said in a speech reported by the Guardian.

He said:

Piracy may not be a bad thing: it can get us more business at the end of the day…

… We took something from the music industry, which was to stop treating the customers as users, and start treating them as fans. We do that today: we talk about how many fans we have.

If we lose that fanbase, our business is done, but if we can grow that fanbase, our business will grow.

Though the speech has been reported as a “hey piracy’s okay” statement, it’s worth noting that the piracy that the Rovio bosses tolerated was around merchandise in Asia – small-scale stuff that Hed said it would be “futile” for the company to pursue through the courts.

“We have some issues with piracy, not only in apps, but also especially in the consumer products. There is tons and tons of merchandise out there, especially in Asia, which is not officially licensed product,” he explained.

Though a few thousand fake plush toys could help win new fans to the franchise, in cases where Rovio felt like the pirates were harming the Angry Birds brand, or were ripping off its fans, he said it would be prepared to act. In other words: where the piracy actually affects Rovio’s core business model.

Hed’s comments on piracy were an aside at his Midem speech, which was primarily to announce his interest in doing content deals with music labels and getting music tracks into Angry Bird games:

Already our apps are becoming channels, and we can use that channel to cross-promote – to sell further content. The content itself has transformed into the channel, and the traditional distribution channels are no longer the kingmakers.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/31/angry_birds_chief_piracy_which_doesnt_affect_us_is_fine/

Virus-slingers abuse WordPress vulns, dose punters with exploit

Malware-spreaders are hacking into vulnerable WordPress-powered sites in order to drive traffic towards pages loaded with exploits.

Hundreds of websites based on WordPress 3.2.1 have been compromised so that surfers directed to the WordPress-built sites via email links are exposed to the Phoenix exploit kit, M86 Security warns.

In order to lure users to compromised pages, the attacker has spammed out thousands of malicious emails querying an unfamiliar bill and asking recipients to click on a link. (Web security firm Websense separately warned of this spam run late last week.)

The link points to a page on compromised WordPress sites (the sites appear legitimate to spam filters) that includes a hidden iFrame, which loads the Phoenix exploit kit from a Russian-hosted server.

Arriving at the page puts surfers in the firing line of code that attempts to exploit multiple vulnerabilities in Microsoft Internet Explorer, Adobe PDF, Flash and Oracle Java. The attack is ultimately designed to distribute an information-harvesting Trojan, dubbed Cridex-B.
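The pivot in this campaign is an invisible iframe injected into an otherwise legitimate WordPress page. The following scanner is an added example, not code from the article, from M86 Security or from WordPress: it parses a page with the standard-library HTML parser and flags any iframe that is sized to zero, hidden with CSS, positioned off-screen or carries the `hidden` attribute, which are the usual ways an injected loader is kept out of sight. The sample page below is constructed, and the `example.invalid` hostnames are placeholders.

```python
"""Flag hidden <iframe> elements of the kind injected into compromised pages.

Added example (not from the article, M86 Security or WordPress).  The page
below is constructed; hostnames under example.invalid are placeholders.
"""
from html.parser import HTMLParser
import re

# An attribute value that collapses the frame to nothing: "0", "0px", "0.0".
_ZERO_DIM = re.compile(r"^\s*0+(\.0+)?(px)?\s*$")
# Inline CSS that hides the element outright.
_HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Inline CSS that shoves the element far outside the viewport.
_OFFSCREEN_CSS = re.compile(r"(left|top)\s*:\s*-\d{3,}px", re.I)


class HiddenIframeScanner(HTMLParser):
    """Collects iframes whose attributes make them invisible to the visitor."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        # Attributes without a value (e.g. bare "hidden") arrive as None.
        a = {k.lower(): (v or "") for k, v in attrs}
        reasons = []
        for dim in ("width", "height"):
            if dim in a and _ZERO_DIM.match(a[dim]):
                reasons.append(f"{dim}={a[dim]!r}")
        style = a.get("style", "")
        if _HIDDEN_CSS.search(style):
            reasons.append("css hidden")
        if _OFFSCREEN_CSS.search(style):
            reasons.append("positioned off-screen")
        if "hidden" in a:
            reasons.append("hidden attribute")
        if reasons:
            self.findings.append({"src": a.get("src", ""), "reasons": reasons})


def find_hidden_iframes(html: str) -> list:
    """Return a list of {'src': ..., 'reasons': [...]} for every hidden iframe."""
    scanner = HiddenIframeScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: one legitimate embed and two injected loaders.
SAMPLE_PAGE = """<html><body>
<h1>Welcome to our blog</h1>
<iframe src="https://video.example.com/embed/1" width="560" height="315"></iframe>
<div><iframe src="http://example.invalid/stat.php" width="0" height="0"
     style="visibility:hidden"></iframe></div>
<iframe src="http://example.invalid/in.php"
     style="position:absolute; left:-9999px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for hit in find_hidden_iframes(SAMPLE_PAGE):
        print(hit["src"], "->", ", ".join(hit["reasons"]))
```

Run it over a site's rendered pages (or the stored post content and theme files) and treat any hit whose `src` points at a host the site does not own as a candidate injection to be cleaned and investigated; the legitimate 560x315 embed above produces no finding.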

“The exploit page is hosted in a Russian domain called horoshovsebudet which roughly translates as ‘Everything will be fine’, showing a certain sense of humor by these attackers,” M86 Security notes.

A full write-up of the attack, including screenshots, can be found in a blog post by M86 Security here.

The Phoenix exploit kit is creeping up on the coattails of the notorious Black Hole exploit kit as the cybercrime toolkit of choice for hackers looking to booby-trap legitimate websites. Source code for Phoenix was leaked onto the net last April and it has grown in popularity since then. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/31/wordpress_vuln_phoenix/

Cyberwar report: Israel, Finland best prepared for conflict

Analysis Israel, Finland and Sweden are more prepared than larger nations to fight a conflict in cyberspace, according to a McAfee-backed cyber-defence study.

The cyber-security report

The study, Cyber-security: The Vexed Question of Global Rules, is based on interviews with experts in the nascent field by McAfee and Security Defence Agenda, a defence think-tank. No metrics are involved in the study, which even McAfee admits is largely subjective. Brussels-based SDA based its conclusions on “in-depth interviews with some 80 world-leading policy-makers and cyber-security experts” in government, business and academia in 27 countries as well as an anonymous survey of 250 world leaders in 35 countries.

For the record, among the key findings of the report are the contention that the state of cyber-readiness of the US, Australia, UK, China and Germany all rank behind that of smaller countries such as Israel, Sweden and Finland. The methodology used for rating various countries’ state of cyber-readiness was developed by Robert Lentz, former US Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance.

Hmmm.

Without knowing the capabilities of GCHQ and the NSA (and the cyber-warfare pundits quizzed by McAfee would be honour-bound not to disclose this if they did know), it is hard to even begin to understand where this conclusion comes from. Certainly the UK government’s very public commitment to boost cyber-security – with an additional budget of £650m over the next four years on improved electronic defences, mostly earmarked for GCHQ and the intelligence agencies – would suggest it’s no laggard when it comes to repelling hacker attacks.

The UK and US, rated with four castles, are only just behind the top-ranked nations, which earn four-and-a-half castles. China and Russia get three castles, ahead of India (on two-and-a-half), and Mexico (two castles – the lowest rating of the 23 countries assessed).

Frankly the whole thing is like rating footballers after a match, which sports journalists routinely assign in a great hurry on the way to the boozer – only to find their musings are taken quite seriously by the players.

In other findings, the report found that most (57 per cent) global experts believe that an arms race is taking place in cyber-space. More than a third (36 per cent) reckon cyber-security is more important than missile defence. Nearly one half of them (43 per cent) identified damage or disruption to critical infrastructure as the greatest single threat posed by cyber-attacks. A similar percentage (45 per cent) of respondents said that “cyber-security is as important as border security” (try telling that one to border agents trying to keep Mexican drug traffickers from further encroaching into the US).

Cloud cast shadows over cyber-security picture

Experts quizzed by SDA agreed that greater use of cloud-based technologies and smartphones is complicating the already muddled cyber-security picture. The study highlights a looming skills shortage in cyber-security and a lack of private-sector involvement in cyber-security exercises as potential problems. Striking the difficult balance between maintaining security and protecting individuals’ freedoms is also seen as a puzzler best achieved by “selectively reducing anonymity without sacrificing privacy rights”.

The report goes on to list a series of recommendations including greater global information sharing; financial incentives for improvements in security for both private and public sectors; more powers to law enforcement in order to combat cross-border cybercrime; the formulation of best practice-led international security standards; and diplomatic efforts to resolve mediocre take-up of existing global cyber treaties. Some respondents advocated the establishment of cyber-confidence building measures as alternatives to global treaties.

Finally the report recommended the development of improved public awareness of cyber-security campaigns. Schemes such as Get Safe Online, in the UK, have enjoyed a greater push from security firms, financial sector firms and government over recent years, so it’s hard to see what more can be done in the area of education anytime soon.

The report’s authors point to the need for improved real-time sharing of global intelligence as the single most important recommendation of the report.

“The core problem is that the cyber criminal has greater agility, given large funding streams and no legal boundaries to sharing information, and can thus choreograph well-orchestrated attacks into systems,” said Phyllis Schneck, Vice President and CTO of global public sector at McAfee, in a statement. “Until we can pool our data and equip our people and machines with intelligence, we are playing chess with only half the pieces.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/31/cyberwar_survey/

Council fined £140k for leaking kids’ sensitive info

The Information Commissioner’s Office (ICO) has fined Midlothian council £140,000 for disclosing sensitive personal data about children and their carers to the wrong people on five separate occasions.

The commissioner said that the five breaches, which took place between January and June 2011, were all serious.

One of them happened when papers about the status of a foster carer were sent to seven healthcare professionals, none of whom had any reason to see the information.

It took place in January 2011 and did not come to light until March, when the council began an investigation. This did not prevent further similar incidents taking place in May and June, however.

In another case, minutes of a child protection conference were sent in error to the former address of the mother’s partner, where they were opened and read by an unauthorised person. The papers also contained personal data about the mother, who made a complaint to her social worker about the incident.

Investigations by the ICO found that all five breaches could have been prevented if the council had put adequate data protection policies, training and checks in place.

Midlothian is the first organisation in Scotland to be fined by the ICO.

In addition to imposing a fine, the information commissioner has ordered Midlothian to improve the security of personal data. The council has said that it will now check all its records to make sure they are up to date, as well as updating its existing data protection policy to include specific provisions for the handling of personal data by social services staff.

Ken Macdonald, assistant information commissioner for Scotland, said: “The serious upset that these breaches would have caused to the children’s families is obvious and it is extremely concerning that this happened five times in as many months.

“I hope this penalty acts as a reminder to all organisations across Scotland and the rest of the UK to ensure that the personal information they handle is kept secure.”

This article was originally published at Guardian Government Computing.

Guardian Government Computing is a business division of Guardian Professional, and covers the latest news and analysis of public sector technology. For updates on public sector IT, join the Government Computing Network here.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/31/midlothian_data_breach_fine/

Sexy Girls Puzzle: Android Trojan or eager ad-slinger?

Security researchers are split on the seriousness of an Android “malware” campaign that some estimates suggest may have “infected millions” of smartphones via gaming apps from Google’s Android Market.

“Android.Counterclank” – a piece of code described by Symantec as a Trojan and by Lookout Mobile Security as part of “an aggressive form of ad network” – can be found in over 13 different mobile gaming apps – including Sexy Girls Puzzle and Counter Strike Ground Force – from three different publishers, according to Symantec. The security software biz said that legitimate games are sometimes repackaged with Trojan horse malware and uploaded to the Android Marketplace in order to infect users.

Kevin Haley, a director with Symantec’s security response team, told Computerworld that the apps might have infected anywhere between one and five million users. However, Symantec’s official write-up describes Counterclank as a low-risk threat that is easy to remove, hasn’t spread very far and has probably only infected 1,000 smartphone users.

Both Symantec and rival Lookout acknowledge that Counterclank lifts information from the user’s phone, which includes the browser settings and (in the case of some but not all games) SIM serial and IMEI numbers.

However, while Symantec classes Counterclank as a Trojan, Lookout disagrees.

“Some companies are calling this a botnet or malware. Lookout has some concerns about the functionality, however at this time, and as far as we can tell, it does not meet the standard to be classified as malware or a ‘bot’,” said Lookout. “Consumers should take these apps very seriously as they appear to tread on privacy lines, but they are not necessarily malicious.”

Instead of describing the suspicious apps as Trojans, Lookout characterises Sexy Girls Puzzle and Counter Strike Ground Force as the fruit of a software development kit (SDK) for a mobile advertising network, identified as “Apperhand”, and said it ought to be taken seriously.

“The average Android user probably doesn’t want applications that contain Apperhand on his or her phone, but we see no evidence of outright malicious behaviour,” a blog post by Lookout explains. “In fact, almost all of the capabilities attributed to these applications are also attributable to a class of more aggressive ad networks – this includes placing search icons onto the mobile desktop and pushing advertisements through the notifications bar.”

“Malware is defined as software that is designed to engage in malicious behavior on a device. Malware can also be used to steal personal information from a mobile device that could result in identity theft or financial fraud. Apperhand doesn’t appear to be malicious, and at this point in our investigation, this is an aggressive form of an ad network – not malware,” it added.

Lookout researchers wrote that the Apperhand SDK is similar to a previous mobile advertising SDK – ChoopCheec (AKA Plankton) – that “crossed several privacy lines in the data it collected about users” when it first appeared last year.

Even though Plankton has been modified since, it still does a number of things, such as “pushing” notification ads, dropping a search item on desktops or automatically adding bookmarks, that are liable to give more privacy-conscious mobile users the fear. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/30/counterclank_android_malware/

Google, Facebook, Microsoft in PHISH-FIGHTING smackdown

Google, Facebook and other internet heavyweights are collaborating to back a standard designed to curtail phishing by improving the collaboration between legitimate senders and receivers of emails.

Microsoft, Yahoo and PayPal are teaming up to push DMARC (Domain-based Message Authentication, Reporting and Conformance), an email authentication specification designed to make it easier to filter and block spoofed messages that attempt to trick users into handing over personal data or passwords to scam sites.

Email senders often use standards such as SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) for authenticating their messages, but email receivers have tended not to rely on the technology because legitimate but unauthenticated messages might be sent from a given domain – ie: unauthenticated messages are not necessarily spoofed, as adoption of the standards by senders is so patchy.

DMARC seeks to codify how email authentication can be introduced into a provider’s infrastructure. Once DMARC is introduced, a sender could set policies to easily request providers to discard unauthenticated email, getting rid of spoofed-domain phishing emails in the process. The specification also creates a mechanism for email providers to send detailed reports back to email senders, creating a feedback loop that would help catch gaps in authentication systems.

Authentication needs support of both receiver and sender

George Bilbrey, co-founder of email certification firm Return Path, said both the organisation sending the emails and the entity that receives them need to support DMARC. However this is not as much a problem as it might seem. Fifteen per cent of emails received by Gmail, for example, already meet DMARC, a standard that has quietly been rolled out by many firms over the 18 months prior to its public launch on Monday.

Bilbrey said DMARC has a good chance of succeeding where other email authentication approaches have come up short because “it already has an installed base and builds on existing standards and technologies”.

“It’s not going to eliminate phishing but is still a big step forward, specifically in preventing spoofed email from domains that support DMARC from getting through,” he told El Reg.

Return Path is one of 15 early backers of DMARC, a cross-industry standard that its backers hope eventually to submit to the IETF as a draft.

In the past, spammers have often been early adopters of authentication technology. For example, in the early days of SPF, most of the domains that contained valid SPF records were spammer domains.

However Paul Wood, an anti-spam expert at Symantec.cloud (formerly MessageLabs), said it would be wrong to dismiss the potential of the new standard simply because previous approaches had misfired. He said: “[DMARC] is important because it enables the owner of an email domain to publish a policy that for the first time defines how *they* want emails from their domain to be handled, rather than leaving it up to the receiving servers to make that judgement. It also means that they can request the receiving servers to feedback via a monitoring channel (an email address or URI) to collect the messages that don’t meet the policy criteria.

“The idea being that they can then see for the first time a much clearer picture of who is spoofing their domains and on what scale. This feedback loop is really there to help them tighten up their policy and define what to do with non-conforming messages – such as drop them, or report them. They can also define what percentage of their email should be blocked, so initially they may elect this to be a low number, increasing it gradually to 100 per cent over time,” he added.
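The mechanics described in the two passages above (a sender publishing a policy that receivers act on, the SPF/DKIM checks that feed it, the report address for the feedback loop, and the percentage knob for a gradual roll-out) can be shown end to end in a short evaluator. This is an added example, not code from the article or from any of the DMARC backers; it follows the published DMARC semantics (RFC 7489: a message passes if either SPF or DKIM passes and its domain aligns with the From: domain; otherwise the `p=` policy applies, and messages outside the `pct=` sample get the next less severe policy). The records and message results below are constructed, the domains are documentation placeholders, and the organisational-domain helper takes the last two labels rather than consulting the public suffix list, which is a simplification.

```python
"""DMARC record parsing and per-message disposition (added example).

Not code from the article or from the DMARC group.  Records, domains and
authentication results below are constructed.  org_domain() is simplified:
real receivers use the public suffix list.
"""
import random

# Constructed sender policies: a monitor-only record and an enforcing one
# that samples half of the failing mail (rua= is the feedback address).
MONITOR_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
ENFORCE_RECORD = ("v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; "
                  "pct=50; aspf=r; adkim=r")

# When a failing message falls outside the pct= sample, the next less
# severe policy applies instead (reject -> quarantine -> none).
_STEP_DOWN = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def parse_dmarc_record(txt: str) -> dict:
    """Turn 'v=DMARC1; p=...; ...' into a tag dict with RFC defaults filled in."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in _STEP_DOWN:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")      # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")       # relaxed SPF alignment by default
    tags.setdefault("pct", "100")      # enforce on all failing mail
    tags.setdefault("sp", tags["p"])   # subdomain policy inherits p=
    return tags


def org_domain(domain: str) -> str:
    """Simplified organisational domain: last two labels (assumption)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict alignment needs an exact match; relaxed needs the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_result(record: dict, from_domain: str, spf_pass: bool, spf_domain: str,
                 dkim_pass: bool, dkim_domain: str, roll: int = None) -> dict:
    """Decide one message.  roll (1..100) is the pct= sample draw; random if None."""
    spf_ok = spf_pass and aligned(from_domain, spf_domain, record["aspf"])
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, record["adkim"])
    report_to = record.get("rua")
    if spf_ok or dkim_ok:
        return {"pass": True, "disposition": "none", "report_to": report_to}
    policy = record["p"]
    if roll is None:
        roll = random.randint(1, 100)
    if roll > int(record["pct"]):
        policy = _STEP_DOWN[policy]
    # A failing message is always fed back to rua= so the owner sees who is spoofing.
    return {"pass": False, "disposition": policy, "report_to": report_to}


if __name__ == "__main__":
    rec = parse_dmarc_record(ENFORCE_RECORD)
    # Legitimate mail: SPF passes for a host under the same org domain.
    print(dmarc_result(rec, "example.com", True, "mail.example.com", False, ""))
    # Spoof: SPF/DKIM pass, but for a domain unrelated to the From: header.
    print(dmarc_result(rec, "example.com", True, "bulk.example.net", True, "example.net", roll=10))
    print(dmarc_result(rec, "example.com", True, "bulk.example.net", True, "example.net", roll=90))
```

The staged roll-out Wood describes is the move from `MONITOR_RECORD` (every failure is only reported) through `pct=` values that climb towards 100 with `p=quarantine`, and finally `p=reject`; the reports sent to the `rua=` address during the `p=none` phase are what tell the domain owner which legitimate mail streams still lack aligned SPF or DKIM before enforcement switches on.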

Cost and privacy issues

Wood added a note of caution over the technology, saying that outstanding cost and privacy issues needed to be addressed: “I believe there may be some concerns over the privacy side, particularly when it relates to failed messages being sent to an external email address that wasn’t the recipient.

“I’m not sure what the best current practice says about this, but I expect as we see more implementation guidelines appearing over the coming months, these sorts of issues can be addressed. There may be costs associated with the setup, but mostly from a configuration and testing perspective. This is likely to put more pressure on ISPs and mail providers to support these technologies in order to safeguard their clients. We certainly welcome this initiative as it is likely to be very effective at stopping spoofing and phishing attacks,” he added.

The security expert added that DMARC could easily co-exist alongside other more established groups in this area, such as the Anti-Phishing Working Group.

“This new body is different to APWG and others, as it forms the policy decision on what the senders want receivers to do should their messages fail DKIM/SPF. With the weight of some big early adopters it could really help obvious spoofing attempts, and should be seen as complementary to the APWG and other technology such as SPF and DKIM,” he concluded. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/30/dmarc_email_authentication_push/

4 Sun journos, 1 cop bailed in police bung probe

Police officers investigating allegations of illegal payments to cops as part of a larger probe of News International arrested four journalists on Saturday. All four were either current or former hacks at Rupert Murdoch’s tabloid The Sun. Police also arrested a Metropolitan police service officer at the weekend.

The five men were later bailed by officers working on Operation Elveden.

Significantly, the arrests followed information passed to Scotland Yard directly from News Corp, the Murdoch-run media empire that owns NI.

The five men are also the first suspects to be taken in for questioning outside of anyone working for the company’s now-defunct News of the World Sunday tabloid, which was shuttered as the phone-hacking scandal unraveled last summer.

The Met said in a statement that a 49-year-old man, a 57-year-old man, a 48-year-old man and a 42-year-old man had been arrested at their homes and later bailed to return pending further inquiries in April and May this year.

“All four were arrested on suspicion of corruption under the Prevention of Corruption Act 1906; aiding and abetting misconduct in a public office (contrary to common law) and conspiracy in relation to both these offences,” it added.

A fifth man was also cuffed by officers from Operation Elveden.

It said: “A 29-year-old serving MPS officer was arrested at his place of work at a central London police station on suspicion of corruption under the Prevention of Corruption Act 1906, misconduct in a public office and conspiracy in relation to both these offences.”

The unnamed cop was later bailed to return pending further inquiries in April.

News Corp said that an internal committee tasked with reviewing all NI titles had provided information to Op Elveden cops, which led to the arrests of the four Sun hacks.

“The [committee] gave the MPS every assistance during the searches of News International premises while ensuring that all appropriate steps were taken to protect legal and journalistic privilege,” said News Corp in a statement.

“It also provided the option of immediate legal representation to those arrested.

“News Corporation will continue to give its total support to the continued work of the management and standards committee to ensure that legitimate journalism is vigorously pursued in both the public interest and in full compliance with the law.”

The Independent Police Complaints Commission, which is overseeing Op Elveden, said it would continue to consider any referrals from officers working on that investigation on a “case-by-case basis”. It met with officers probing the corruption allegations, prior to the arrest of the serving Met cop on Saturday.

“It will be clear from today’s events that this investigation is following the evidence,” said IPCC deputy chair Deborah Glass.

“I am satisfied with the strenuous efforts being made by this investigation to identify police officers who may have taken corrupt payments and I believe the results will speak for themselves.

“By supervising this important development in Operation Elveden, the IPCC is providing crucial independent oversight in what is a complex criminal enquiry – not just into allegations of corruption against police officers, but allegations involving members of the media.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/30/op_elveden_arrests_sun_and_cop/

Google spews out ‘privacy’ email to Sky punters too

Sky users have joined Virgin Media subscribers in receiving emails directly from Google about its new privacy policy.

Sky customers received the email from the Chocolate Factory warning them about the controversial changes to its privacy policy, which was quickly followed by an email from Sky about the error.

“We understand that you may have recently received an email to this address from Google with the subject title: ‘Changes to Google Privacy Policy and Terms of Service’,” the email read.

“We’d like to apologise for any confusion this email may have caused. It was sent in error and should be ignored.

“Google’s technology supports the Sky email service, and hence supports your @sky.com address. However, as a @sky.com email subscriber, your only relationship is with Sky. Please be reassured that Sky’s Terms and Conditions and Privacy Notice apply and not Google’s.”

However, the thing that most people are taking issue with is how Google had their email address in the first place and what other uses the search giant might be putting those addresses to.

In a FAQ section on the erroneous email, Sky explained that Google had to have everyone’s email address to provide email services to Sky, but the address was the only information the Chocolate Factory had and it hadn’t shared it with anyone else.

A Virgin Media spokesperson said the same thing to The Register.

“All Google literally has is an email address that they provision to us,” he said, adding that the firm needed to know these addresses so it could allocate storage to each address.

He also confirmed that Virgin Media’s privacy policy superseded Google’s so customers would not be affected by the changes.

A Google spokesperson said that the Chocolate Factory was busy informing all its customers about its policy changes, including the administrators of enterprise organisations using Google Apps.

“If an enterprise organisation uses Google Apps to provide email to its own employees or customers, Google is contacting only the administrator at that organisation because it has a contract that defines how we handle and store their data,” the spokesperson said.

“Due to a glitch in our system, we misclassified some Google Apps email accounts as consumer Gmail accounts and mistakenly sent these users email notifications about the Privacy Policy. While Google provides the backend service that powers these users’ email accounts, we do not have any direct relationship with these users and contacted them in error.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/30/sky_users_get_google_privacy_email/

Microsoft’s Kelihos kingpin suspect: It wasn’t me

The Russian man named by Microsoft as the mastermind behind the Kelihos botnet has stepped forward to plead his innocence.

Microsoft filed suit in the US last week accusing Andrey Sabelnikov, of St Petersburg, of writing the Kelihos botnet agent and maintaining the network of zombie machines created using the malware to send billions of spam messages. At its peak, the Kelihos botnet included a legion of 41,000 infected machines capable of spewing out 3.8 billion spam emails per day. The network was effectively decapitated by a Microsoft-led takedown operation targeting command-and-control nodes last September.

Sabelnikov, a former employee of Russian security software firm Agnitum, stepped forward late last week to insist he is “absolutely not guilty [and has] never been involved in handling botnets or any other similar programs”. Sabelnikov told the BBC he was “surprised and shocked” at the accusation, adding: “I will prove my innocence.”

Microsoft is standing by its accusation that “Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware”. In addition, the software giant accuses the Russian of “using the malware to control, operate, maintain and grow the Kelihos botnet”.

More specifically the lawsuit alleges that Sabelnikov registered more than 3,700 “cz.cc” subdomains from Czech firm dotFREE Group before using these subdomains to operate and control the Kelihos botnet.

A personal blog post by Sabelnikov denying any involvement in the Kelihos botnet operation can be found here (in Russian). ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/30/kelihos_suspect_denial/