A new botnet using a variant of Kelihos

Date: 2012-02-07

According to “Computerworld”, contrary to reports, the Kelihos botnet has not crawled out of the grave, Microsoft said last week. But the company acknowledged that a new botnet is being assembled using a variant of the original malware.
The reappearance of a Kelihos-like army of hijacked computers shows just how difficult it is to eradicate a botnet, security experts said today.
"It's not possible in most cases," said a senior researcher with the antivirus company Kaspersky Lab. "What you're going for is disruption more than anything."
A manager of operations at Symantec's security response team agreed, and said that there was only one way to ensure a botnet's death. "If you get to the people behind it, that will be the most successful," he said. "But international borders and the lack of cross-country cooperation makes that a difficult road to go down."
Kelihos was taken offline last September when Microsoft, using a federal court order, led efforts to shut down domains used by the command-and-control (C&C), severing links between the compromised computers and their order-giving master.
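After a domain takedown of the kind described above, the compromised machines that keep trying to resolve the seized C&C domains are the ones that remain infected and still need cleaning. The following is an added example of how a defender can pull those hosts out of resolver logs; it is not code from the article, Microsoft or Kaspersky. The domain names, the log format and the log lines are constructed placeholders, since the page names no real domains.

```python
import re
from collections import defaultdict

# Hypothetical takedown list: the article names no domains, so these are
# constructed placeholders standing in for C&C domains seized under a court order.
TAKEDOWN_DOMAINS = {"cc-placeholder-1.example", "cc-placeholder-2.example"}

# Constructed resolver log lines (not real Kelihos traffic), one per query:
# "<timestamp> <client-ip> query <qname> <rcode>"
SAMPLE_DNS_LOG = """\
2012-02-06T10:00:01Z 10.0.0.12 query www.example.org NOERROR
2012-02-06T10:00:05Z 10.0.0.12 query cc-placeholder-1.example NXDOMAIN
2012-02-06T10:03:12Z 10.0.0.45 query update.cc-placeholder-2.example NXDOMAIN
2012-02-06T10:05:40Z 10.0.0.12 query cc-placeholder-1.example NXDOMAIN
2012-02-06T10:07:00Z 10.0.0.77 query mail.example.org NOERROR
"""

LINE_RE = re.compile(r"^(\S+) (\S+) query (\S+) (\S+)$")


def is_takedown_domain(qname):
    """True if qname is a seized domain or any subdomain of one (case-insensitive)."""
    qname = qname.lower().rstrip(".")
    return any(qname == d or qname.endswith("." + d) for d in TAKEDOWN_DOMAINS)


def find_infected_hosts(log_text):
    """Map each client IP that queried a seized C&C domain to its (timestamp, qname) lookups.

    The response code is deliberately ignored: after a takedown the lookups may
    return NXDOMAIN or a sinkhole address, and either way the attempt itself is
    the indicator that the host is still running the bot.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole run
        ts, client, qname, _rcode = m.groups()
        if is_takedown_domain(qname):
            hits[client].append((ts, qname))
    return dict(hits)


if __name__ == "__main__":
    for host, queries in sorted(find_infected_hosts(SAMPLE_DNS_LOG).items()):
        print(f"{host}: {len(queries)} lookups of seized C&C domains, first at {queries[0][0]}")
```

Run against a real resolver export, the per-host lookup counts and first-seen timestamps give the remediation team a prioritised list of machines that are still beaconing even though the C&C they are looking for no longer answers.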
Talk of a Kelihos resurrection was sparked last week by Kaspersky, which said it had found signs of new malware built on the Kelihos code. The implication was that Kelihos had returned from the dead and was again spamming users.
Not so, said a senior attorney in Microsoft's Digital Crimes Unit. "Kaspersky has reported no loss of control of the [Kelihos] peer-to-peer operations and Microsoft researchers have confirmed this week that the original Kelihos C&C and backup infrastructure remains down, but it appears [a] new botnet infrastructure may be being built with the new variant of Kelihos malware," he said.
Kaspersky confirmed that on Monday. "The botnet we took down is still under control and infected machines are not receiving commands from the C&C centre, so they are not sending spam," Kaspersky's chief security expert said in a statement. "But new samples which are monitored by us continue to get orders from spammers and send spam so far. It means that we are dealing with another botnet."
The appearance of that new botnet illustrates the difficulty researchers, software vendors and authorities have in exterminating a botnet.

