A Botnet Closely Related to Waledac Emerges: Microsoft
According to security professionals, a botnet designed to steal credentials has surfaced, while Microsoft's Digital Crimes Unit adds that it is not Waledac but another, closely related botnet. Infosecurity-us.com reported this on February 9, 2011.
With a remarkable likeness to Waledac, the newly emerging botnet, named 'Kelihos', apparently appeared around the time the holidays started, but according to T.J. Campana, Senior Program Manager of the Microsoft Digital Crimes Unit, it represents a completely different threat. Infosecurity-us.com published this.
Furthermore, Campana confirms that Waledac continues to be inactive; nevertheless, Kelihos has fresh code whose fingerprints are identical to those of the old Waledac.
Campana then highlights the features common to Waledac and Kelihos: both use a P2P file-sharing protocol to send and receive messages, and both use domain names as fallbacks, so they share peering information in the same way. The code, though, is altered, and such alterations keep occurring as fresh editions of the Trojan are released, Campana adds.
Campana also says that both the security industry researchers examining the new botnet and the Microsoft Digital Crimes Unit professionals have seen that the communication techniques among Kelihos-infected PCs are extremely similar to those among Waledac-infected PCs. EWeek.com reported this during the first week of February 2011.
In fact, when Microsoft's Malware Protection Center analyzed Kelihos, it found that the botnet was using fast-flux in a way quite similar to Waledac.
Campana says that criminals and criminal networks frequently reuse the same code to save effort and time. In the current instance, however, although the same code is employed, the infrastructures of the two botnets are completely different, which makes Kelihos distinct from Waledac.
But Brett Stone-Gross, a threat analyst with the security company LastLine, isn't so certain.
He says that Kelihos and Waledac 2.0 aren't different botnets; rather, they're the same. Moreover, the controllers of the two are identical, while the malware, architecture, and propagation technique are literally alike too, he adds. EWeek.com reported this.
» SPAMfighter News - 18-02-2011