Kelihos Botnet Re-emerges, This Time Attacking Social Networks

Immediately following Kelihos.B botnet's dismantling by CrowdStrike, Seculert and Kaspersky Lab on March 28, 2012, those responsible for the peer-to-peer (P2P) botnet, configured the malware again, and disseminated it across social-networking websites, published scmagazine.com.au dated April 2, 2012.

Actually, a PC-Trojan named Fifesock is being leveraged that is targeting social-networking websites so criminal gangs can disseminate the just configured malicious program Kelihos.C onto already contaminated systems.

The impact on the computers begin when their operators who check their Facebook inboxes click a malevolent web-link, which takes them onto a site that lures them with a spurious web-link to an alleged photo album for download. Essentially, if this download is accepted, the Fifesock Trojan infects the computers and plants more malware i.e. Kelihos.C, also called Hlux.

Notably, Seculert has found that over 70,000 users of Facebook have already been contaminated with this Facebook virus.

The security company reports that those cyber-criminals who controlled the earlier Kelihos botnet are continuing to operate the reconfigured one. Moreover, they're now able to retrieve their manipulation of sink-holed systems through the said Facebook virus.

In the meantime, what Seculert says about the Kelihos running active and social isn't wholly surprising.

Security researcher Tillmann Werner from CrowdStrike and Marco Preuss, security specialist from Kaspersky stated that they thought the Kelihos' reappearance was likely though not as early as it had occurred. Threatpost reported this on March 29, 2012.

Moreover, remarking about the above mentioned happenings, Vice President of Research, Gunter Ollmann at Damballa a security firm stated that any plans for dismantling a botnet solely required eliminating the criminals most responsible for the network. He explained that for peer-to-peer types of botnets like the Kelihos, they had minimal infrastructure one could seize upon, while ultimately leading to issuance of instructions to the computers affected with the bot that meant getting involved with ethical and legal hazards. Mbcalyn.com published this on March 30, 2012.

Worryingly, according to Ollmann, cyber-criminals might not really get trapped in the practically Whac-A-Mole game if they managed enforcing algorithms that generated domains on which they could rely to make their botnets up-to-date.

Related article: Kelihos Botnet Containment not over Yet, States Kaspersky

» SPAMfighter News - 4/13/2012