Kelihos botmasters target Russian patriots to expand botnet
Posted on 25.08.2014
The cyber crooks behind the Kelihos botnet are, once again, trying to swell the number of computers included in it.

They are trying a novel approach: posing as a "community of Russian programmers," the botmasters are appealing to Russian users' sense of patriotism to make them download software that supposedly secretly attacks government websites of countries that have imposed sanctions on Russia.

"The program operates silently, consumes no more than 5% of your online channel, no more than 20MB of traffic per day, and takes almost no processing power," the spam email claims, and provides a clear link to the software.

Unfortunately for those who install it, the offered executable is not attack software but a variant of the Kelihos malware, which allows the crooks to gain backdoor access to the target system, send out spam, sniff out passwords, download additional malware, and more.

"What's different about this case is that instead of appealing to the victims' sense of curiosity, the cyber criminals appeal to patriotic sentiments (see details in analysis below), blatantly saying that they will run malware on the intended targets' computers, but without disclosing the true nature of the malware," pointed out Websense researchers.

"The variants we have analyzed so far in this campaign seem to have the spambot and sniffing functionality; no DDoS behavior has been observed during preliminary analysis. Even so, the damage for a business allowing their infrastructure to run such malware could be significant (blacklisting for example)."

The malware variants initially had a very low AV detection rate. The spam campaign in question started on August 20, and in just one day the security company blocked over 100,000 malicious messages from this campaign.

