Update on the Kelihos botnet
Posted on 06.02.2012
Reports that the Kelihos botnet is back online and that its original operators are again trying to take over its reigns have been premature, says Microsoft.

"Contrary to some reports, Kaspersky and Microsoft have no evidence that the botnet that was taken down in September has returned to the control of cybercriminals or is spamming again at this time," commented Microsoft's Richard Boscovich. "However, we have seen evidence of distribution of new malware that appears to be a slightly updated variant of the malware that built the original Kelihos botnet. This does not mean that the Kelihos botnet we took down is back in operation, but that a new version of Kelihos malware known as “Backdoor:Win32/Kelihos.B” is being used to create a new botnet."

"Kaspersky has reported no loss of control of the peer-to-peer operations and Microsoft researchers have confirmed this week that the original Kelihos C&C and backup infrastructure remains down, but it appears new botnet infrastructure may be being built with the new variant of Kelihos malware," he added.

Since its takedown, Microsoft alone has cleaned nearly 28,000 of the computers of the 41,000 or so roped into the botnet. All in all, it is believed that less than 10,000 computers still harbor Kelihos' malware.

The new Kelihos malware variant is detected by the Malicious Software Removal Tool (MSRT).


Email scammers stole $215M from businesses in 14 months

Posted on 29 January 2015.  |  In 14 months there have been nearly 1200 US and a little over 900 non-US victims of BEC scams, and the total money loss reached nearly $215 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Jan 30th