New Malware in New Botnet

Wednesday, February 8, 2012 @ 05:02 PM gHale

After Kaspersky revealed that the Kelihos botnet, which Microsoft terminated back in September in a partnership with Kaspersky and Kyrus Tech Inc., may have returned, Microsoft said this is actually a new version of the Kelihos malware that now forms a new botnet.

The new malware variant is called “Backdoor:Win32/Kelihos.B” and it appears similar to the initial malware’s code, but slightly updated, and there is no evidence to suggest the botnet taken down previously has returned to the control of the cybercriminals.


This variant is also partly related to Waledac, a botnet terminated by Microsoft at the beginning of 2010, but it is well known that malware authors do not reinvent the wheel every time and often reuse code from previous versions.

“Analysis of these samples and continuing observations of Kelihos-infected computers have demonstrated no known re-employment of the original Kelihos botnet by botherders,” said Richard Domingues Boscovich, senior attorney at Microsoft Digital Crimes Unit.

Currently, neither Microsoft nor Kaspersky can provide precise numbers to indicate the size of this new botnet, but Kaspersky’s analysis reveals the size of the old botnet dropped by 25% in the past two months.

The old botnet’s size is far smaller than initially thought, at less than 10,000 infected computers. This number may seem large, but considering that the botnet had infected 41,000 devices at the time it went down, the progress is pretty significant.
