Your one-stop web resource providing safety and security information to manufacturers

The Kelihos botnet is still alive.

Even after security folks this week neutralized the bot for a second time, Kelihos-B, which was a Facebook worm over recent weeks, is still active and spreading, said Seculert officials. CrowdStrike and Kaspersky Labs brought down the bot earlier this week.

Botnet Rises and Falls AgainMicrosoft Seizes Zeus Servers
Reprise for Kelihos Botnet
Smart Malware on Growth Curve
Malware has Bots Acting as C&C Server

This botnet is the remnants of Kelihos-B rather than a new variant of the malware, Seculert said.

The findings said sink-holing 109,000 backdoored machines infected with the spam-spewing and credential-stealing Kelihos Trojan may not have disabled the entire bot network.

Schneider Bold

“Very little time passed yesterday [Wednesday] between action being taken against the second Kelihos botnet and the appearance of a new variant said to be spreading via Facebook,” said David Harley, senior research fellow at antivirus biz ESET.

“For the time being, the teams involved in the partial disabling of the Kelihos botnet, have implemented another pretty good temporary fix.

“Sink-holing has twice reduced the effectiveness of Kelihos botnets by effectively disabling and diverting communications from infected machines to a system that is now under the control of the good guys. However, there‚Äôs a significant risk that machines that are still infected are also likely to fall prey to a new Kelihos botnet, apart from the risks to currently uninfected machines.”

Harley added those possessing the Kelihos source code can tweak the malware to evade future attempts to neutralize it.

Pin It on Pinterest

Share This