As Bot-masters Remain Active, Kelihos Resurges

Researchers from the security company Kaspersky Lab disclose that the technique with which they stopped the Kelihos/Hlux botnet from operating is called 'sinkholing', which has certain advantages. However, they also realized that as long as the bot-masters remain active, they can rebuild similar networks of bots, reported Softpedia in news on January 31, 2012.

Kelihos, according to the researchers, has been found in new variants that closely resemble the earlier build. They differ, however, in their communication protocol, their encryption method, and the way their spam messages are packaged.

The most recent version of Kelihos uses an altered sequence of encryption operations, in which each operation occurs in the opposite order when a spam mail is encrypted. It is widely known that text strings compress much more effectively than raw binary data. The first hierarchy contains several strings such as spam templates, e-mails and so on. Hence, there is no sense in applying zlib compression after a hierarchy has been encoded, as the recent Kelihos/Hlux variant does: the packaged messages grow in size without any additional benefit.

Seemingly, somebody got hold of the Kelihos source code and simply wished to give future bots a new appearance by rearranging the encryption stages, published SecureList dated January 31, 2012. Furthermore, the newer variants reportedly have altered encryption keys, which is quite expected. The RSA keys needed to authorize the portions of the hierarchy covering the controllers' IP addresses and the update websites, along with the matching public RSA keys inside the infected bots, were also changed.
Significantly, every hierarchy uses two separate RSA keys, which suggests that two separate groups may each own a key and currently control the botnet. Finally, the packaging style is also different: in the current version, each package contains a computed checksum of its data in the header.

Nonetheless, according to Kaspersky researchers, a botnet could not be wholly deactivated by compromising its command-and-control servers; deactivation could best be achieved by identifying the persons operating the network, reported Softpedia.

» SPAMfighter News - 06-02-2012
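The size argument about compressing after encoding can be measured directly. The following is an added example, not code from the article or from the Kaspersky analysis; it assumes a stand-in SHA-256 keystream cipher (the article does not name the bot's cipher) and a constructed text sample.

```python
import hashlib
import zlib


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode); NOT the bot's real cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)


def compress_then_encrypt(plain: bytes, key: bytes) -> bytes:
    # Compression sees the redundant text, so it can shrink it.
    return keystream_xor(zlib.compress(plain), key)


def encrypt_then_compress(plain: bytes, key: bytes) -> bytes:
    # Compression sees high-entropy ciphertext and can only add framing overhead.
    return zlib.compress(keystream_xor(plain, key))


def sizes(plain: bytes, key: bytes) -> dict:
    """Return the byte length of the input and of each packaging order."""
    return {
        "plain": len(plain),
        "compress_then_encrypt": len(compress_then_encrypt(plain, key)),
        "encrypt_then_compress": len(encrypt_then_compress(plain, key)),
    }


# Constructed sample: repetitive text standing in for a string-heavy hierarchy.
SAMPLE = b"".join(
    b"template=%d;to=user%d@example.com;subject=Hello;\n" % (i % 5, i)
    for i in range(400)
)
KEY = b"constructed-demo-key"  # constructed value, for the demonstration only

if __name__ == "__main__":
    for name, size in sizes(SAMPLE, KEY).items():
        print(f"{name:>22}: {size} bytes")
```

For an analyst, the same effect means a captured payload whose outer zlib layer decompresses to data no smaller than the payload itself points to compression applied as the last stage.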