Kelihos botnet rises up again
Posted on 03.02.2012
Kelihos - the botnet whose operation was disrupted last September by Microsoft and Kaspersky Lab by shutting down its C&C servers and making its bots contact a sinkhole instead - is back and working.

There's not much the involved security specialists can do about it. Sinkholing it was a temporary measure, and they knew that sooner or later its botherders would be able to regain control of the bots.

The botnet is not back to its full strength of some 45,000 computers, but it is getting there, say the researchers.

New variants of the malware have been detected mere hours after the botnet takedown was publicly confirmed, and these variants are using updated encryption mechanisms and keys in order to hide the bots' communication with the C&C servers.

"We could have issued an update to those machines to clean them up, but in several countries that would be illegal," commented Ram Herkanaidu, a security researcher with Kaspersky Lab, for TechWorld.

"It is impossible to neutralize a botnet by taking control over the controller machines or substituting the controller list without any additional actions. The botnet master might know the list of active router IPs, can connect to them directly and push the bot update again along with the new controllers list," points out Kaspersky Lab Expert Maria Garnaeva.

News of the botnet's resurrection comes after last week's revelation of a suspected Kelihos malware author/ botnet operator, who has denied the charges laid against him.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th