Kelihos, Waledac and Storm malware believed to have same author

The recent takedown of the Kelihos botnet by Microsoft has received a lot of attention, despite the fact that the botnet is rather small (around 41,000 computers located worldwide).

The reason behind this is that it was the first time that a defendant was named in the suit filed by Microsoft and was notified of the action.

According to Microsoft, the Kelihos botnet is thought to be an attempt to rebuild the Waledac botnet. Having analyzed the code of the Kelihos malware, Pierre-Marc Bureau, senior malware researcher at antivirus company ESET, posits that its author is the same person (or group of people) who has developed the Storm worm and the Waledac malware.

In this podcast recorded at Virus Bulletin 2011, he talks about how tracking malware authors’ evolving skills can help security professionals and companies fight cybercrime. He also shares the specific discoveries that lead him the aforementioned conclusions about the authorship of the Kelihos, Waledac and Storm malware.

Listen to the podcast here.

Pierre-Marc Bureau is responsible of investigating trends in malware and finding effective techniques to counter these threats. Prior to joining ESET, he worked for a network security company where he was senior security analyst.

Pierre-Marc Bureau finished his Master degree in computer engineering at Ecole Polytechnique of Montreal in 2006. His studies focused mainly on the performance evaluation of malware. He has presented at various international conferences including Recon, Infosec, and Virus Bulletin. His main interests lie in reverse engineering, application and network security.

Don't miss