Botnet shutdown success story - again: disabling the new Hlux/Kelihos botnet
(Publication) Google search: [1]
Botnet shutdown success story - again: disabling the new Hlux/Kelihos botnet | |
---|---|
Botnet | Kelihos, Hlux |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 28 mars 2012 |
Editor/Conference | Kaspersky lab |
Link | http://www.securelist.com/en/blog/208193431/Botnet Shutdown Success Story again Disabling the new Hlux Kelihos Botnet (Archive copy) |
Author | Stefan Ortloff |
Type |
Abstract
“ Last September, in partnership with Microsoft’s Digital Crimes Unit (DCU), SurfNET and Kyrus Tech, Inc., Kaspersky Lab successfully disabled the dangerous Hlux/Kelihos botnet by sinkholing the infected machines to a host under our control.
A few months later, our researchers stumbled upon a new version of the malware with significant changes in the communication protocol and new “features” like flash-drive infection, bitcoin-mining wallet theft.
Now, we are pleased to announce that we have partnered with the CrowdStrike Intelligence Team, the Honeynet Project and Dell SecureWorks to disable this new botnet.
Last week, we set up worldwide distributed machines for this sinkholing operation and on Wednesday, March 21, we finally began the synchronized propagation of our sinkhole IP-adress to the peer-to-peer network.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR964, editor = {Kaspersky lab}, author = {Stefan Ortloff}, title = {Botnet shutdown success story - again: disabling the new Hlux/Kelihos botnet}, date = {29}, month = Mar, year = {2012}, howpublished = {\url{http://www.securelist.com/en/blog/208193431/Botnet_Shutdown_Success_Story_again_Disabling_the_new_Hlux_Kelihos_Botnet}}, }