Kelihos is dead… No wait… Long live Kelihos! Again!
(Publication) Google search: [1]
| Kelihos is dead… No wait… Long live Kelihos! Again! | |
|---|---|
| Botnet | Kelihos |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2013 / 2013-03-06 |
| Editor/Conference | Trustwave |
| Link | http://blog.spiderlabs.com/2013/03/kelihos-is-dead-no-wait-long-live-kelihos-again.html blog.spiderlabs.com (blog.spiderlabs.com Archive copy) |
| Author | Phil Hay |
| Type | Blogpost |
Abstract
“ This post is inspired by a news article which highlighted a recent presentation at RSA. Kelihos, for those that don’t know, is a spamming botnet. For the last few years it has been around in some form or another, but its spam output has not been nearly as large as some of the other botnets we regularly talk about, like Cutwail or Lethic.
Anyway, the article is entitled Latest Kelihos Botnet Shut Down Live at RSA Conference 2013. Wow! Cool! A Live Takedown! “But then again”, I thought, “that would the third time this particular botnet has supposedly been taken down”. So I went over to check our spam traps for evidence of the effect.
And here is what was found, huge amounts of stock ‘pump & dump’ spam:...
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR1313,
editor = {Trustwave},
author = {Phil Hay},
title = {Kelihos is dead… No wait… Long live Kelihos! Again!},
date = {06},
month = Mar,
year = {2013},
howpublished = {\url{http://blog.spiderlabs.com/2013/03/kelihos-is-dead-no-wait-long-live-kelihos-again.html blog.spiderlabs.com}},
}