Security Companies Take Down Kelihos Botnet of Version 2

Researchers collectively from Dell SecureWorks, Kaspersky Labs, The Honeynet Project, and CrowdStrike, very recently, disabled and terminated the Kelihos, alternatively called the Hlux botnet, of version 2 that was much bigger as well compared to its predecessor, published darkreading.com dated March 28, 2012.

Known to have descended from the notorious Storm network-of-bots, the Kelihos was currently within the researchers hold, the latter claimed. To do so, they corrupted the peer-to-peer (P2P) PCs within the network using a code they themselves developed that eventually redirected about 110,000 contaminated PCs towards the researchers' sinkhole server so the botnet-controllers lost hold over the machines.

Kelihos or Hlux that Kaspersky's, Microsoft's along with many other organizations' security researchers shutdown during September 2011 had drawn the attention of researchers after it resurfaced during the recent months within its malicious program's fresh edition. The alleged Kelihos.B/Hlux.B, a P2P network-of-bots reportedly distributed bulk e-mails, stole information as also executed Distributed Denial-of-Service operations similar to its earlier version. However, the botnet had one fresh feature that of seizing electronic wallets and bitcoins, in addition to being capable of infecting flash-drives, the researchers added.

Approximately, 25% of the total 110,000 bot-contaminated systems seem as belonging to Poland, 10% to USA, while the reset to countries like Spain, Turkey, Argentina and India.

Here, Tillmann Werner, Researcher from CrowdStrike remarked that it became evident from the large number of the infected machines within Poland that the Kelihos-owners spent money towards paying additional botnet runners so the latter would disseminate their malware onto PCs within nations where the Pay-Per-Install prices were low. Computerworlduk.com reported this on March 29, 2012.

Meanwhile according to Werner, the contaminated PCs weren't a threat any longer, as no counteractions were visible to the Kelihos-owners hitherto. ZDNet UK published this on March 28, 2012.

Also, considering that the botnet was the fifth one in the series including Waledac and Storm bots, the Kelihos perpetrators weren't likely to surrender while would possibly build another one, Werner contended.

Nevertheless, according to Kaspersky, all information the researchers gathered regarding Kelihos.B were getting forwarded to the agencies of law-enforcement for facilitating further investigation.

Related article: Securities Push Up A Must For Web Companies

» SPAMfighter News - 4/5/2012