Microsoft neutralizes Kelihos botnet, names defendant in case

From Botnets.fr
Revision as of 16:24, 7 February 2015 by Eric.freyssinet (talk | contribs) (1 revision imported)


Botnet: Kelihos
Operation/Working group: Operation b79
Date: 27 Sep 2011
Editor/Conference: Microsoft
Link: http://blogs.technet.com/b/microsoft_blog/archive/2011/09/27/microsoft-neutralizes-kelihos-botnet-names-defendant-in-case.aspx
Author: Richard Domingues Boscovich

Abstract

Building on the recent successes of the Rustock and Waledac botnet takedowns, I’m pleased to announce that Microsoft has taken down the Kelihos botnet in an operation codenamed “Operation b79” using similar legal and technical measures that resulted in our previous successful botnet takedowns.

Kelihos, also known by some as “Waledac 2.0” given its suspected ties to the first botnet Microsoft took down, is not as massive as the Rustock spambot. However, this takedown represents a significant advance in Microsoft’s fight against botnets nonetheless. This takedown will be the first time Microsoft has named a defendant in one of its civil cases involving a botnet and as of approximately 8:15 a.m. Central Europe time on Sept. 26th, the defendants were personally notified of the action.

The Kelihos takedown is intended to send a strong message to those behind botnets that it’s unwise for them to simply try to update their code and rebuild a botnet once we’ve dismantled it. When Microsoft takes a botnet down, we intend to keep it down – and we will continue to take action to protect our customers and platforms and hold botherders accountable for their actions.

Bibtex

 @misc{2011BFR958,
   editor = {Microsoft},
   author = {Richard Domingues Boscovich},
   title = {Microsoft neutralizes Kelihos botnet, names defendant in case},
   date = {27},
   month = Sep,
   year = {2011},
   howpublished = {\url{http://blogs.technet.com/b/microsoft_blog/archive/2011/09/27/microsoft-neutralizes-kelihos-botnet-names-defendant-in-case.aspx}},
 }