Kelihos botnet appears again with new variant

From Botnets.fr
Jump to: navigation, search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Kelihos botnet appears again with new variant
Botnet Kelihos
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2013 / 2013-02-11
Editor/Conference Secure Connexion
Link http://secureconnexion.wordpress.com/2013/02/11/kelihos-botnet-appears-again-with-new-variant/ secureconnexion.wordpress.com (secureconnexion.wordpress.com Archive copy)
Author Jay Pfoutz
Type

Abstract

Kelihos appears again with a new variant as many researchers have discovered. The variant enables it to remain dormant on the machine with sinkholing techniques, and other rootkit-style operations. It hides domains, and does many other things to conceal itself, as researchers have discovered.

This is the third attempt for the Kelihos botnet. When it got shutdown back in 2011 by a collaborative effort between Kaspersky Lab and Microsoft, it was figured that it was a P2P botnet, which made it more difficult to shutdown completely all operations for the botnet. At least its main servers were cut off, but it didn’t stop the malware from spreading since tons of blackhats still had the malcode on their own server/computer.

Bibtex

 @misc{Pfoutz2013BFR1297,
   editor = {Secure Connexion},
   author = {Jay Pfoutz},
   title = {Kelihos botnet appears again with new variant},
   date = {11},
   month = Feb,
   year = {2013},
   howpublished = {\url{http://secureconnexion.wordpress.com/2013/02/11/kelihos-botnet-appears-again-with-new-variant/ secureconnexion.wordpress.com}},
 }