Kelihos Botnet Being Expanded, Warn Security Researchers

According to security researchers, the Kelihos botnet is yet being expanded as cyber-criminals include more-and-more PCs into it; reported Help Net Security, August 25, 2014.

A unique strategy is being tried: the bot-masters pretending to be programmers from Russian community make an appeal towards invoking the patriotic feeling of Russian users who're then made to take down software which apparently clandestinely hacks into government websites belonging to nations which recently isolated Russia from their aid programs.

Security experts from the solutions offering company Websense for protection of organizations against Internet assaults as well as data theft determined that the web-link embedded on the spam mail in reality serves the Kelihos Trojan that traps infected PCs into the botnet.

Known with another name Hlux, the Kelihos has myriad capabilities like spewing junk e-mails, filching sensitive information, mining Bitcoins, stealing Bitcoin wallets as well as engaging the infected PCs for executing DDoS (Distributed Denial-of-Service) assaults.

Albeit there have been several shutdown operations on Kelihos botnet by private security firms and law enforcement, still the Kelihos proved resilient and built fresh botnets.

Websense telemetry indicates that barely have the website harboring Kelihos Trojan been accessed; therefore, the current spam operation is likely an effort towards re-constructing the malicious network.

According to Websense researchers, the current incident is differently framed in that it doesn't incite the inquisitive feeling of victims rather invokes their patriotic sentiments. It bluntly states that malicious software would be activated on the users' PCs, however, doesn't reveal what the software would actually do, they explain. Help Net Security published this.

A few e-mails have varied texts, while sometimes recipients are suggested to disable their anti-virus programs whilst executing the software, Websense observes, adding the company is certain about the assault's starting date as 20th August 2014.

Ran Mosessco, Senior Security Researcher at Websense indicates that the sample e-mails which have been assessed till now appear as featuring sniffing and spambot malware, with little DDoS condition seen during initial assessment. Still, organizations letting execution of the malware on their infrastructure could have considerable damage like facing blacklisting, he contends. Securityweek.com published this, August 25, 2014.

» SPAMfighter News - 9/1/2014