[UPDATED] Kelihos Botnet Gaining Momentum
In September 2011, Microsoft and an anti-malware security company joined forces to take down Kelihos, a botnet capable of sending out billions of spam messages a day. The spam promoted pornography, Viagra, and fake pharmaceutical companies, to name a few. Now there is reason to believe that machines once infected by the Kelihos bot are back in their old spamming routine.
“The resurrection highlights the difficulty of permanently severing botnets from the Internet,” writes Dan Goodin of Ars Technica. “Because Kelihos used peer-to-peer technology, it was disrupted—or ‘sinkholed,’ in takedown parlance—by seeding the network with machines that caused their peers to take orders from benign channels under the control of white hats. The takedown process never actually removed the underlying malware from infected machines, making it possible for the attackers to one day regain control of them.”
You can read more about it here. Take note of the Update section at the end of the article.
Update (02/07/2012): After reports of Kelihos being “alive and well again” circulated widely, Microsoft published a blog post to clarify the matter. They have now observed that a new malware variant of the Kelihos bot is being distributed to create a new botnet. Continuous observation of Kelihos-infected machines and analysis of samples of this new bot have determined that the original Kelihos botnet is not being reused by its herders.
Jovi Umawing









