Kelihos/Hlux botnet makes a comeback with new techniques

Microsoft and Kaspersky Lab took down the Kelihos botnet last September using the “sinkholing” method, but Kaspersky Lab reports that the Kelihos botnet has made a comeback in a new form.

The earlier version of the Kelihos botnet reportedly infected more than 41,000 computers around the world. It was not as large as the Rustock botnet, but it was capable of sending 3.8 billion spam emails per day. Recently, Kaspersky Lab came across new samples of the Kelihos botnet that come with new techniques. This new variant uses an updated encryption key method and algorithms.

After investigating the malware samples, Kaspersky Lab came to the following conclusion: “It is impossible to neutralize a botnet by taking control over the controller machines or substituting the controller list without any additional actions. The botnet master might know the list of active router IPs, can connect to them directly and push the bot update again along with the new controllers list.”

“We believe that the most effective method to disable a botnet is finding the people who are behind it. Let’s hope that Microsoft will carry out its investigation to the end.” Kaspersky Lab says.

