Saturday, 25 May 2013
Kelihos cybercriminals rebuilding botnet
Kelihos cybercriminals rebuilding botnet
By Lucian Constantin, IDG News Service | Apr 3, 2012
0 comments
Digg
PrintThe cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert.
Security experts from Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project, announced that they took control of the 110,000 PC-strong Kelihos botnet on Wednesday.
The researchers used a method called sinkholing, which involves infiltrating the botnet's peer-to-peer (P2P) network with rogue clients and tricking the other peers to report back to command and control servers under their control.
However, one day after the successful sinkholing operation was announced, malware experts from security firm Seculert reported that the Kelihos gang had already started building a new botnet.
The Kelihos gang pays the creators of a Facebook worm to install their Trojan horse on already infected computers. That worm has compromised over 70,000 Facebook accounts so far and is currently distributing a new version of the Kelihos Trojan, Seculert security researchers said in a blog post on Thursday.
However, the Kelihos gang can also leverage the Facebook worm to regain control of the Kelihos bots sinkholed by Kaspersky and its partners, since the worm is still installed on those machines. All it needs to do in order to bypass the sinkhole is pay the worm's operators to reinfect those computers with the new Kelihos version, said Aviv Raff, Seculert's chief technology officer, in email.
Sinkholing alone does not result in the complete takedown of botnets, because it doesn't impact the cyber criminals that operate them or their distribution infrastructure, said Gunter Ollmann, vice president of research at security company Damballa, in a blog post on Thursday.
Similar
Add comment
knowledge_central_tab
Knowledge Central
Testing the Cloud – Definitions, Requirements, and Solutions
The widespread availability of high-speed broadband networks has seen applications and web sites move into the Cloud. This use of a cloud-based infrastructure means there is no local infrastructure to purchase, manage, secure, or upgrade. The virtualized data center, whether within the enterprise or located at a cloud service provider, must be properly provisioned in order to provide the necessary functions and performanceof cloud-based applications.
Integrating the physical and the virtual
It’s not just a question of dealing with a proliferation of virtual machines. With convergence, fewer hardware resources deliver multiple capabilities and host multiple workloads.Monitoring these “anytime-anyplace” workloads creates a resource challenge, as there are a limited number of network access points.
A Case Study of Eurograbber: How 36 Million Euros was Stolen via Malware
This is a case study about a sophisticated, multi-dimensional and targeted attack that stole an estimated 36+ million Euros from more than 30,000 bank customers from multiple banks across Europe.
Symantec, Singapore school partner to nurture next-generation security talents
Symantec Corp. and the Singapore Management University will jointly train and equip IT security professionals with the latest knowledge and skill sets in information security.
