In September 2011, the Microsoft Digital Crimes Unit successfully shut down the Kelihos spam botnet and - for the first time - named a defendant in a civil case against the perpetrators. On January 23, 2012, the Microsoft Digital Crimes Unit named a new defendant in the civil charges - a defendant who is allegedly a former employee of an antivirus vendor.
According to the amended complaint, "Microsoft alleges that Andrey N. Sabelnikov, a citizen of Russia, is responsible for the operations of the Kelihos botnet." The revision further explains, "On Oct. 26, we successfully settled with defendants Dominique Alexander Piatti and dotFREE Group, allowing us to dismiss the case against them. Today, thanks to their cooperation and new evidence, we have named a new defendant to the civil lawsuit we believe to be the operator of the Kelihos botnet."
The statement, from Richard Domingues Boscovich, a Senior Attorney for the Microsoft Digital Crimes Unit, then goes on to read that Sabelnikov is alleged to have written "the code for and either created, or participated in creating, the Kelihos malware."
The amended complaint filed by Microsoft states that "Defendant Andrey N. Sabelnikov is an individual residing in St. Petersburg, Russian Federation. Defendant currently works on a freelance basis for a software development and consulting firm. Prior to his current employment, Defendant worked as a software engineer and project manager at a company that provided firewall, antivirus and security software."
According to a BBC News report, a LinkedIn profile for an Andrey N. Sabelnikov claims previous employment at Agnitum, a security vendor in St. Petersburg, Russia, that is best known for Outpost Firewall. A spokesperson for the company confirmed to BBC News that "Andrey Sabelnikov worked at Agnitum from 2005 till 2008."
It's worth noting that the first Kelihos variants - considered very 'alpha stage' - did not appear until the latter part of 2009, which is a fairly good indication that the malware was not created during Sabelnikov's time at Agnitum. Despite these facts, the case is likely to fuel the misguided conspiracy theory that antivirus vendors write and distribute malware in order to sell more antivirus software.