Kelihos Botnet Still at Work, Security Experts Say
While Kaspersky, Dell and others may have disrupted the Kelihos botnet, experts with Seculert and Damballa say cyber-criminals are still spreading it.

Security researchers from Kaspersky Lab, Dell SecureWorks and other organizations generated a lot of headlines this week with their announcement that they had taken down a new version of the Kelihos peer-to-peer botnet. In a March 28 post on Kaspersky's SecureList blog, Stefan Ortloff, a security expert with the company, said that the sinkhole operation (designed to draw infected computers away from the botnet's command-and-control (C&C) server and out of reach of the botnet's operators) was successful in disabling the newest version of Kelihos, which was first discovered in January.
"After a short time, our sinkhole-machine increased its 'popularity' in the network, which means that a big part of the botnet only talks to a box under our control," Ortloff wrote. "We also distributed a specially crafted list of job servers. This prevents the bots from requesting new commands from the malicious bot-herders. At this point, the bots can no longer be controlled by the bad guys."