Microsoft and Kaspersky Lab took down the Kelihos botnet last September using the “sinkholing” method, but Kaspersky Lab reports that the Kelihos botnet has made a comeback with a new avatar.
The earlier version of the Kelihos botnet reportedly infected more than 41,000 computers around the world. It was not as large as the Rustock botnet, but it was capable of sending 3.8 billion spam mails per day. Recently, Kaspersky Lab came across new samples of the Kelihos botnet that come with new techniques. This new variant uses an updated encryption key method and algorithms.
After investigating the malware samples, Kaspersky Lab came to the following conclusion: “It is impossible to neutralize a botnet by taking control over the controller machines or substituting the controller list without any additional actions. The botnet master might know the list of active router IPs, can connect to them directly and push the bot update again along with the new controllers list.”
“We believe that the most effective method to disable a botnet is finding the people who are behind it. Let’s hope that Microsoft will carry out its investigation to the end,” Kaspersky Lab says.