Kelihos botnet rises up again
Posted on 03.02.2012
Kelihos - the botnet whose operation was disrupted last September by Microsoft and Kaspersky Lab by shutting down its C&C servers and making its bots contact a sinkhole instead - is back and working.

There's not much the involved security specialists can do about it. Sinkholing it was a temporary measure, and they knew that sooner or later its botherders would be able to regain control of the bots.

The botnet is not back to its full strength of some 45,000 computers, but it is getting there, say the researchers.

New variants of the malware have been detected mere hours after the botnet takedown was publicly confirmed, and these variants are using updated encryption mechanisms and keys in order to hide the bots' communication with the C&C servers.

"We could have issued an update to those machines to clean them up, but in several countries that would be illegal," commented Ram Herkanaidu, a security researcher with Kaspersky Lab, for TechWorld.

"It is impossible to neutralize a botnet by taking control over the controller machines or substituting the controller list without any additional actions. The botnet master might know the list of active router IPs, can connect to them directly and push the bot update again along with the new controllers list," points out Kaspersky Lab Expert Maria Garnaeva.

News of the botnet's resurrection comes after last week's revelation of a suspected Kelihos malware author/ botnet operator, who has denied the charges laid against him.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th