Microsoft thinks that one of its former virus experts is the brains behind the Kelihos botnet.
The botnet controlled about 41,000 machines at its peak, and Microsoft thinks it was developed by Russian citizen Andrey Sabelnikov. Kelihos was used for sending out spam and spreading malware until it was "neutralised" in September 2011.
Microsoft told a US court that Sabelnikov wrote the code for and either created, or participated in creating, the Kelihos malware. He used the malware to control, operate, maintain and grow the Kelihos botnet. Sabelnikov is currently working on a freelance basis with a software development and consulting firm.
Before that, he worked as a software engineer and project manager at "a company that provided firewall, antivirus and security software", which is believed to be Agnitum.
We were contacted by Microsoft and it seems Sabelnikov was never actually employed by Redmond. He worked for an insecurity outfit and was in no way affiliated with Microsoft. We apologize for any inconvenience this may have caused.