Update on the Kelihos botnet
Posted on 06.02.2012
Reports that the Kelihos botnet is back online and that its original operators are again trying to take over its reins have been premature, says Microsoft.


"Contrary to some reports, Kaspersky and Microsoft have no evidence that the botnet that was taken down in September has returned to the control of cybercriminals or is spamming again at this time," commented Microsoft's Richard Boscovich. "However, we have seen evidence of distribution of new malware that appears to be a slightly updated variant of the malware that built the original Kelihos botnet. This does not mean that the Kelihos botnet we took down is back in operation, but that a new version of Kelihos malware known as “Backdoor:Win32/Kelihos.B” is being used to create a new botnet."

"Kaspersky has reported no loss of control of the peer-to-peer operations and Microsoft researchers have confirmed this week that the original Kelihos C&C and backup infrastructure remains down, but it appears new botnet infrastructure may be being built with the new variant of Kelihos malware," he added.

Since the botnet's takedown, Microsoft alone has cleaned nearly 28,000 of the 41,000 or so computers roped into it. All in all, it is believed that fewer than 10,000 computers still harbor Kelihos malware.

The new Kelihos malware variant is detected by the Malicious Software Removal Tool (MSRT).






Copyright 1998-2014 by Help Net Security.