Kelihos botnet appears again with new variant
(Publication) Google search: [1]
| Kelihos botnet appears again with new variant | |
|---|---|
| Botnet | Kelihos |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2013 / 2013-02-11 |
| Editor/Conference | Secure Connexion |
| Link | http://secureconnexion.wordpress.com/2013/02/11/kelihos-botnet-appears-again-with-new-variant/ secureconnexion.wordpress.com (secureconnexion.wordpress.com Archive copy) |
| Author | Jay Pfoutz |
| Type | |
Abstract
“ Kelihos appears again with a new variant as many researchers have discovered. The variant enables it to remain dormant on the machine with sinkholing techniques, and other rootkit-style operations. It hides domains, and does many other things to conceal itself, as researchers have discovered.
This is the third attempt for the Kelihos botnet. When it got shutdown back in 2011 by a collaborative effort between Kaspersky Lab and Microsoft, it was figured that it was a P2P botnet, which made it more difficult to shutdown completely all operations for the botnet. At least its main servers were cut off, but it didn’t stop the malware from spreading since tons of blackhats still had the malcode on their own server/computer.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR1297,
editor = {Secure Connexion},
author = {Jay Pfoutz},
title = {Kelihos botnet appears again with new variant},
date = {11},
month = Feb,
year = {2013},
howpublished = {\url{http://secureconnexion.wordpress.com/2013/02/11/kelihos-botnet-appears-again-with-new-variant/ secureconnexion.wordpress.com}},
}