Botnet shutdown success story - again: disabling the new Hlux/Kelihos botnet

From Botnets.fr


Botnet: Kelihos, Hlux
Malware:
Botnet/malware group:
Exploit kits:
Services:
Feature:
Distribution vector:
Target:
Origin:
Campaign:
Operation/Working group:
Vulnerability:
CCProtocol:
Date: 2012
Editor/Conference: Kaspersky lab
Link: http://www.securelist.com/en/blog/208193431/Botnet_Shutdown_Success_Story_again_Disabling_the_new_Hlux_Kelihos_Botnet (Archive copy)
Author: Stefan Ortloff
Type:

Abstract

Last September, in partnership with Microsoft’s Digital Crimes Unit (DCU), SurfNET and Kyrus Tech, Inc., Kaspersky Lab successfully disabled the dangerous Hlux/Kelihos botnet by sinkholing the infected machines to a host under our control.

A few months later, our researchers stumbled upon a new version of the malware with significant changes in the communication protocol and new “features” like flash-drive infection, bitcoin-mining wallet theft.

Now, we are pleased to announce that we have partnered with the CrowdStrike Intelligence Team, the Honeynet Project and Dell SecureWorks to disable this new botnet.

Last week, we set up worldwide distributed machines for this sinkholing operation and on Wednesday, March 21, we finally began the synchronized propagation of our sinkhole IP address to the peer-to-peer network.

Bibtex

 @misc{Ortloff2012BFR964,
   editor = {Kaspersky lab},
   author = {Stefan Ortloff},
   title = {Botnet shutdown success story - again: disabling the new Hlux/Kelihos botnet},
   date = {29},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://www.securelist.com/en/blog/208193431/Botnet_Shutdown_Success_Story_again_Disabling_the_new_Hlux_Kelihos_Botnet}},
 }