Kelihos is dead… No wait… Long live Kelihos! Again!

From Botnets.fr

Botnet: Kelihos
Date: 2013-03-06
Editor/Conference: Trustwave
Link: http://blog.spiderlabs.com/2013/03/kelihos-is-dead-no-wait-long-live-kelihos-again.html (blog.spiderlabs.com, archive copy)
Author: Phil Hay
Type: Blogpost

Abstract

This post is inspired by a news article which highlighted a recent presentation at RSA. Kelihos, for those that don’t know, is a spamming botnet. For the last few years it has been around in some form or another, but its spam output has not been nearly as large as some of the other botnets we regularly talk about, like Cutwail or Lethic.

Anyway, the article is entitled Latest Kelihos Botnet Shut Down Live at RSA Conference 2013. Wow! Cool! A Live Takedown! “But then again”, I thought, “that would be the third time this particular botnet has supposedly been taken down”. So I went over to check our spam traps for evidence of the effect.

And here is what was found, huge amounts of stock ‘pump & dump’ spam:...

Bibtex

 @misc{Hay2013BFR1313,
   editor = {Trustwave},
   author = {Phil Hay},
   title = {Kelihos is dead… No wait… Long live Kelihos! Again!},
   date = {06},
   month = Mar,
   year = {2013},
   howpublished = {\url{http://blog.spiderlabs.com/2013/03/kelihos-is-dead-no-wait-long-live-kelihos-again.html}},
 }