A quick update on spambot Kelihos


Botnet: Kelihos, Storm, Waledac
Date: 2012 / 2012-12-10
Editor/Conference: Abuse.ch
Link: http://www.abuse.ch/?p=4878 (Archive copy)

Abstract

In March 2012 I blogged about Kelihos, a Spambot that was shut down in September 2011 by Microsoft, but came back in January 2012.

Various security researchers believe that Kelihos (also known as Hlux) is the replacement of the famous Storm Worm, which was active in 2007 and replaced by Waledac in 2009. Today I asked myself: What kind of evolution did Kelihos have during this year? So I decided to have a quick look at recent Kelihos binaries and compare their behaviour with the behaviour of the binaries I saw back in March 2012.

Bibtex

 @misc{empty2012BFR1263,
   editor = {Abuse.ch},
   author = {},
   title = {A quick update on spambot Kelihos},
   date = {10},
   month = Dec,
   year = {2012},
   howpublished = {\url{http://www.abuse.ch/?p=4878}},
 }