Kelihos botnet rises up again
Posted on 03.02.2012
Kelihos - the botnet whose operation was disrupted last September by Microsoft and Kaspersky Lab by shutting down its C&C servers and making its bots contact a sinkhole instead - is back and working.

There's not much the involved security specialists can do about it. Sinkholing it was a temporary measure, and they knew that sooner or later its botherders would be able to regain control of the bots.

The botnet is not back to its full strength of some 45,000 computers, but it is getting there, say the researchers.

New variants of the malware have been detected mere hours after the botnet takedown was publicly confirmed, and these variants are using updated encryption mechanisms and keys in order to hide the bots' communication with the C&C servers.

"We could have issued an update to those machines to clean them up, but in several countries that would be illegal," commented Ram Herkanaidu, a security researcher with Kaspersky Lab, for TechWorld.

"It is impossible to neutralize a botnet by taking control over the controller machines or substituting the controller list without any additional actions. The botnet master might know the list of active router IPs, can connect to them directly and push the bot update again along with the new controllers list," points out Kaspersky Lab Expert Maria Garnaeva.

News of the botnet's resurrection comes after last week's revelation of a suspected Kelihos malware author/ botnet operator, who has denied the charges laid against him.


How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Thu, Sep 18th