Update on the Kelihos botnet
Posted on 06.02.2012
Reports that the Kelihos botnet is back online and that its original operators are again trying to take over its reigns have been premature, says Microsoft.


"Contrary to some reports, Kaspersky and Microsoft have no evidence that the botnet that was taken down in September has returned to the control of cybercriminals or is spamming again at this time," commented Microsoft's Richard Boscovich. "However, we have seen evidence of distribution of new malware that appears to be a slightly updated variant of the malware that built the original Kelihos botnet. This does not mean that the Kelihos botnet we took down is back in operation, but that a new version of Kelihos malware known as “Backdoor:Win32/Kelihos.B” is being used to create a new botnet."

"Kaspersky has reported no loss of control of the peer-to-peer operations and Microsoft researchers have confirmed this week that the original Kelihos C&C and backup infrastructure remains down, but it appears new botnet infrastructure may be being built with the new variant of Kelihos malware," he added.

Since its takedown, Microsoft alone has cleaned nearly 28,000 of the computers of the 41,000 or so roped into the botnet. All in all, it is believed that less than 10,000 computers still harbor Kelihos' malware.

The new Kelihos malware variant is detected by the Malicious Software Removal Tool (MSRT).






Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //