Kelihos botnet claws its way out of the grave

Feb 3, 2012

We have some bad news today for haters of spam everywhere. Apparently the Kelihos botnet that Microsoft and Kaspersky Lab shut down in September 2011 is making a comeback, and it is spamming once again. Before the takedown the botnet had infected 45,000 computers and was sending out 4 billion spam messages a day, flooding inboxes with promotions for porn, illegal drugs, and other scams.

Microsoft and Kaspersky Lab used technical means to redirect the 45,000 computers that made up the botnet so that they communicated with what the firms called a "sinkhole", a server the two firms controlled, rather than with the botnet's real command-and-control infrastructure. The problem was that the computers infected with the botnet software were never cleaned. It was known from the start that the criminals behind the botnet would eventually regain control of them.

Microsoft and Kaspersky could have used the sinkhole's communication with the infected machines to push a cleanup to them, but in some countries that would have been illegal. Apparently there are also new variants of Kelihos that use new forms of encryption to hide the traffic between the infected machines and the botnet controllers. One researcher has also pointed out that two different RSA keys are in use, which suggests that two separate groups may be controlling the botnet. For normal Internet users, all this really means is that we can probably expect an increase in spam.

[via Techworld]
