Kelihos gang building new botnet, researchers say
The cybercriminal gang behind the sinkholed Kelihos botnet can easily regain control over a part of it
IDG News Service - The cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert.
Security experts from Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project, announced that they took control of the 110,000 PC-strong Kelihos botnet on Wednesday.
The researchers used a method called sinkholing, which involves infiltrating the botnet's peer-to-peer (P2P) network with rogue clients and tricking the other peers to report back to command and control servers under their control.
However, one day after the successful sinkholing operation was announced, malware experts from security firm Seculert reported that the Kelihos gang had already started building a new botnet.
The Kelihos gang pays the creators of a Facebook worm to install their Trojan horse on already infected computers. That worm has compromised over 70,000 Facebook accounts so far and is currently distributing a new version of the Kelihos Trojan, Seculert security researchers said in a blog post on Thursday.
However, the Kelihos gang can also leverage the Facebook worm to regain control of the Kelihos bots sinkholed by Kaspersky and its partners, since the worm is still installed on those machines. All it needs to do in order to bypass the sinkhole is pay the worm's operators to reinfect those computers with the new Kelihos version, said Aviv Raff, Seculert's chief technology officer, in email.
Sinkholing alone does not result in the complete takedown of botnets, because it doesn't impact the cyber criminals that operate them or their distribution infrastructure, said Gunter Ollmann, vice president of research at security company Damballa, in a blog post on Thursday.
"If you're going to take down a botnet you have to take out the criminals at the top. It's the only way," Ollmann said. "In the case of P2P-based botnets, there's very little infrastructure you can get your hands on -- and you'll probably end up having to issue commands to botnet victim devices -- which is fraught with legal and ethical problems."
Ollmann believes that a similar group of researchers will probably attempt to sinkhole the new Kelihos botnet in the future. Unfortunately, cyber criminals can easily escape from this virtual game of Whac-A-Mole by implementing domain generation algorithms as a backup strategy for updating their botnets, he said.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Malware and Vulnerabilities White Papers |