29 Mar 2012
Windows 7 Home Premium x64 SP1
Kaspersky Knocks Down Kelihos Botnet Again, But Expects Return
For the second time in six months, researchers from the Russian antivirus company, Kaspersky Lab, carried out an operation to take down the newest iteration of the Kelihos botnet, also known as "Hlux."
Microsoft and Kaspersky worked together in September, 2011, on the first Kelihos take-down. The bot then resurfaced in January only to be shut-down again this month by a combination of private firms including Kaspersky, Dell Secure Works and Crowd Strike Inc.
Kelihos is used to send spam, carry out DDoS attacks, and steal online currency such as bitcoin wallets. It operates as a so-called "peer-to-peer" bot network, which are more difficult to take down than those with a centralized command and control servers (C&C), according to Tillmann Werner, a senior researcher at CrowdStrike. Peer-to-peer botnets are distributed, self-organizing, and may have multiple command and control servers that disguise themselves as peers. In Kelihos’s case, there were three C&C servers and each had two unique IP addresses, he said.
|My System Specs || |