Kelihos botnet, once crippled, now gaining strength
Microsoft and Kaspersky Lab are now seeing the botnet it shutdown in September coming back to life
IDG News Service - A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it.
The Kelihos botnet only infected 45,000 or so computers but managed to send out nearly 4 billion spam messages a day, promoting, among other things, pornography, illegal pharmaceuticals and stock scams.
But it was temporarily corralled last September after researchers used various technical means to get the 45,000 or so infected computers to communicate with a "sinkhole," or a computer they controlled.
But the computers that comprised Kelihos were still infected with its code. Researchers knew that it would only be a matter of time before its controller used the botnet's complex infrastructure of proxy servers and communication nodes to regain control.
In fact, it happened shortly after the researchers intervened. Sinkholing the botnet was only a temporary solution.
"We could have issued an update to those machines to clean them up, but in several countries that would be illegal," said Ram Herkanaidu, security researcher and education manager for Kaspersky Lab.
Meddling with another person's computer could be considered a form of hacking, even with the best intentions of security researchers. Unfortunately, it appears that many of the machines infected with Kelihos are now controlled by the bad guys again.
There are also other new variants of Kelihos that are using updated forms of encryption to mask the communication with the botnet controllers, Herkanaidu said. Maria Garnaeva, a researcher with Kaspersky Lab, wrote that two different RSA keys are being used for encryption, which means it is possible two different groups are controlling Kelihos.
The resurrection of Kelihos comes as Microsoft last week amended a civil suit in the U.S. District Court for the Eastern District of Virginia to name a Russian man it believes is responsible for the botnet.
The man, Andrey N. Sabelnikov of St. Petersburg, freelanced for a software development company and formerly worked as a software engineer for a computer security software company.
After his name was widely published in media reports, Sabelnikov denied he was responsible and told the BBC, "I will prove my innocence."
Even if Sabelnikov is eventually criminally charged by U.S. prosecutors, Russia's constitution prohibits extradition of its own citizens.
Microsoft said it is working with Kaspersky on studying the latest Kelihos developments. The company remains committed to following its botnet cases and intends to hold those responsible accountable for their actions, said Richard Boscovich, senior attorney for Microsoft's Digital Crimes Unit, in a statement.
Send news tips and comments to email@example.com
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts