After having initially declined to comment the suit until he has the chance to consult with his lawyer, Piatti and the company have eventually decided to cooperate with Microsoft by voluntarily providing information and evidence that convinced the company that they did not control the subdomains used to host the botnet, which resulted in Microsoft dropping the suit both against them.
"As part of the settlement, Mr. Piatti has agreed to delete or transfer all the subdomains used to either operate the Kelihos botnet, or used for other illegitimate purposes, to Microsoft," wrote Richard Boscovich, Senior Attorney with Microsoft's Digital Crimes Unit. "Additionally, Mr. Piatti and dotFREE Group have agreed to work with us to create and implement best practices to prevent abuse of free subdomains and, ultimately, apply these same best practices to establish a secure free Top Level Domain as they expand their business going forward."
On its site, the dotFree company has confirmed that "the controllers of the Botnet found a way to abuse a popular free subdomain provider (http://cz.cc also developed by dotFree's founders), and were using those domains as a part of their operations."
"As a provider of free service we were always concerned by the potential for abuse, and learned (sometimes the hard way) that security should never be underestimated," it says in the statement. "No one wants to be handed a thick binder by a stranger at your nearby coffee shop saying 'Microsoft is suing you'!"
The suit against the 22 John Does still remains open, and Microsoft has now focused its investigation on uncovering them.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.