A quick update on spambot Kelihos

From Botnets.fr

Botnet: Kelihos, Storm, Waledac
Date: 2012 / 2012-12-10
Editor/Conference: Abuse.ch
Link: http://www.abuse.ch/?p=4878 (Archive copy)

Abstract

In March 2012 I blogged about Kelihos, a Spambot that was shut down in September 2011 by Microsoft, but came back in January 2012.

Various security researchers believe that Kelihos (also known as Hlux) is the replacement of the famous Storm Worm, which was active in 2007 and replaced by Waledac in 2009. Today I asked myself: What kind of evolution did Kelihos have during this year? So I decided to have a quick look at recent Kelihos binaries and compare their behaviour with the behaviour of the binaries I saw back in March 2012.

Bibtex

 @misc{2012BFR1263,
   editor = {Abuse.ch},
   author = {},
   title = {A quick update on spambot Kelihos},
   date = {10},
   month = Dec,
   year = {2012},
   howpublished = {\url{http://www.abuse.ch/?p=4878}},
 }