Kelihos botnet rises up again
Posted on 03.02.2012
Kelihos - the botnet whose operation was disrupted last September by Microsoft and Kaspersky Lab by shutting down its C&C servers and making its bots contact a sinkhole instead - is back and working.

There's not much the involved security specialists can do about it. Sinkholing it was a temporary measure, and they knew that sooner or later its botherders would be able to regain control of the bots.

The botnet is not back to its full strength of some 45,000 computers, but it is getting there, say the researchers.

New variants of the malware have been detected mere hours after the botnet takedown was publicly confirmed, and these variants are using updated encryption mechanisms and keys in order to hide the bots' communication with the C&C servers.

"We could have issued an update to those machines to clean them up, but in several countries that would be illegal," commented Ram Herkanaidu, a security researcher with Kaspersky Lab, for TechWorld.

"It is impossible to neutralize a botnet by taking control over the controller machines or substituting the controller list without any additional actions. The botnet master might know the list of active router IPs, can connect to them directly and push the bot update again along with the new controllers list," points out Kaspersky Lab Expert Maria Garnaeva.

News of the botnet's resurrection comes after last week's revelation of a suspected Kelihos malware author/ botnet operator, who has denied the charges laid against him.


Best practices for ensuring compliance in the age of cloud computing

Here are the major considerations organizations should incorporate into their compliance programs, as well as pitfalls that can be avoided to ensure businesses stay compliant while using cloud computing.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Sep 3rd