Kelihos gang is building a new botnet, researchers say


Kelihos gang is building a new botnet, researchers say

The cyber criminal gang behind the sinkholed Kelihos botnet can easily regain control over a part of it

By Lucian Constantin, IDG News Service
March 30, 2012

The cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert.

Security experts from Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project, announced that they took control of the 110,000 PC-strong Kelihos botnet on Wednesday.

BACKGROUND: International security team shoots down second Hlux/Kelihos botnet

The researchers used a method called sinkholing, which involves infiltrating the botnet’s peer-to-peer (P2P) network with rogue clients and tricking the other peers to report back to command and control servers under their control.

However, one day after the successful sinkholing operation was announced, malware experts from security firm Seculert reported that the Kelihos gang had already started building a new botnet.

The Kelihos gang pays the creators of a Facebook worm to install their Trojan horse on already infected computers. That worm has compromised over 70,000 Facebook accounts so far and is currently distributing a new version of the Kelihos Trojan, Seculert security researchers said in a blog post on Thursday.

However, the Kelihos gang can also leverage the Facebook worm to regain control of the Kelihos bots sinkholed by Kaspersky and its partners, since the worm is still installed on those machines. All it needs to do in order to bypass the sinkhole is pay the worm’s operators to reinfect those computers with the new Kelihos version, said Aviv Raff, Seculert’s chief technology officer, in email.

Sinkholing alone does not result in the complete takedown of botnets, because it doesn’t impact the cyber criminals that operate them or their distribution infrastructure, said Gunter Ollmann, vice president of research at security company Damballa, in a blog post on Thursday.

“If you’re going to take down a botnet you have to take out the criminals at the top. It’s the only way,” Ollmann said. “In the case of P2P-based botnets, there’s very little infrastructure you can get your hands on — and you’ll probably end up having to issue commands to botnet victim devices — which is fraught with legal and ethical problems.”

Ollmann believes that a similar group of researchers will probably attempt to sinkhole the new Kelihos botnet in the future. Unfortunately, cyber criminals can easily escape from this virtual game of Whac-A-Mole by implementing domain generation algorithms as a backup strategy for updating their botnets, he said.

 Kelihos gang is building a new botnet, researchers say.

, , , , , , ,

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

SATIRE NATION

Off the charts...

Thoughtfully Prepping

My Scribblings about Prepping and Survivalism

Derek's Blog

Personal Blog about nothing

The Better Man Project

A man in progress. One day at a time.

Don Charisma

because anything is possible with Charisma

∙ tenderheartmusings ∙

we were born naked onto the page of existence; with nothing but the pen of our soul to write ourselves into eternal ecstasy ~ DreamingBear Baraka Kanaan

The Wine Wankers

Smile :) You’re at the best wine blog ever! Scroll down to read our fun stories, and join our journey as we fight through the wine jargon in search of a good glass of wine. Wine blogs; the best place to read about wine online! We're rated as one of the most influential wine people on the net by Klout and Kred. Contact: winewankers@hotmail.com

Good Time Stories

Inspiring and Heartwarming Stories

musings from a musical mind

60's flowerchild,herbalist,dreamer, seeker of truth

retireediary

The Diary of a Retiree

AirportsMadeSimple

Your Interactive Travel Magazine~Showcasing a Variety of Authors

oasisbidari

A fine WordPress.com site

NoWorksSalvationApocalypseNow

Finishing Lifes Race Strong

Deep Shit Media

Alternative Sovereign Communications

38 Years

Perspective from the middle ages of life

Bookgirl

A great WordPress.com site

Chastisement 2014

He is ready to separate the chaff from the wheat with his winnowing fork

Direct From The Street - Stuff We And People Share

Photos, Videos, Articles - Business, Social Media, Marketing, Entertainment, Fashion, Sports, Life

Follow

Get every new post delivered to your Inbox.

Join 365 other followers

%d bloggers like this: