Update on the Kelihos botnet
Posted on 06.02.2012
Reports that the Kelihos botnet is back online and that its original operators are again trying to take over its reins have been premature, says Microsoft.

"Contrary to some reports, Kaspersky and Microsoft have no evidence that the botnet that was taken down in September has returned to the control of cybercriminals or is spamming again at this time," commented Microsoft's Richard Boscovich. "However, we have seen evidence of distribution of new malware that appears to be a slightly updated variant of the malware that built the original Kelihos botnet. This does not mean that the Kelihos botnet we took down is back in operation, but that a new version of Kelihos malware known as “Backdoor:Win32/Kelihos.B” is being used to create a new botnet."

"Kaspersky has reported no loss of control of the peer-to-peer operations and Microsoft researchers have confirmed this week that the original Kelihos C&C and backup infrastructure remains down, but it appears new botnet infrastructure may be being built with the new variant of Kelihos malware," he added.

Since the takedown, Microsoft alone has cleaned nearly 28,000 of the 41,000 or so computers roped into the botnet. All in all, it is believed that fewer than 10,000 computers still harbor Kelihos malware.

The new Kelihos malware variant is detected by the Malicious Software Removal Tool (MSRT).

