Accused Kelihos malware mastermind protests his innocence

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Andrey Sabelnikov's LinkedIn photographAndrey Sabelnikov, who Microsoft accused last week of being the mastermind behind the Kelihos botnet, has protested his innocence.

The 31-year-old programmer from St Petersburg became the subject of headlines around the world after Microsoft told US courts that they believed he created the Kelihos malware, and alleged that he “used the malware to control, operate, maintain and grow the Kelihos botnet”.

According to Microsoft, up to 4 billion spam emails were sent every day by computers infected by the malware and commandeered into the Kelihos botnet.

What particularly raised eyebrows is Sabelnikov’s background – which includes a stint working as a senior developer and product manager at Agnitum, a Russian firm well-known for its firewall and other security software.

Sign up to our free newsletter.
Security news, advice, and tips.

There is no suggestion that Agnitum are connected with the allegations, or that their security software – which includes anti-virus products – are compromised in any way.

Sabelnikov, however, hasn’t taken the accusations lying down. Instead, he’s turned to his LiveJournal account where he posted a statement:

Statement by Sabelnikov

Part of Sabelnikov’s statement reads (after translation by Google):

I did not commit this crime, have never participated in the management of botnets and any other similar programs, and especially not extracted from it any benefit.

Sabelnikov’s blog entry also explains that news of the charges leveled by Microsoft broke while he was on a business trip to the United States. However, he decided to cut short his trip to return home to Russia.

What remains unclear is what will happen next in this case. Russian law forbids the extradition of its citizens to face trial in foreign countries, so it seems it will be Sabelnikov’s decision whether he chooses to argue his innocence in a US court of law.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.