Kelihos Botnet Resurfaces With New Security Measures
By Chinmoy Kanjilal on February 4th, 2012

Last September, Microsoft and Kaspersky Lab claimed a big win against the Kelihos botnet when they took control of its infected computers. Kelihos was sending 4 billion spam messages a day, covering all kinds of spam, including pharmaceuticals and stocks. Researchers devised an interesting mechanism to direct all the infected computers to communicate with a "sinkhole", a computer under their control. In spite of these stringent measures, Kelihos has started showing its face again, and its owners might very soon regain control.

Not only has Kelihos shown up on the radar again, it is using new encryption techniques to hide its communications. A researcher at Kaspersky has also noted that two different RSA keys are being used, indicating that there might be two different groups controlling Kelihos.

Although researchers could push updates to or clean up the infected computers, doing so is against the law in many jurisdictions. A few days ago, Microsoft named Andrey N. Sabelnikov, a Russian citizen, as the person responsible for running Kelihos. However, Russia does not allow extradition of its citizens, so he cannot be brought to trial. Kaspersky Securelist investigated the matter, revealing some interesting facts, such as:

Our investigation revealed that the new version appeared as early as September 28, right after Microsoft and Kaspersky Lab announced the neutralization of the original Hlux/Kelihos botnet.

Clearly, shutting down the Kelihos botnet will be a big challenge, and it will be interesting to see how far Microsoft and Kaspersky go in this case.

Author: Chinmoy Kanjilal
Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.
