
Submission: Kelihos Returns: Same Botnet or New Version?

Gunkerty Jeb writes: The twice-shut-down Kelihos botnet remains active and continues spamming with a new variant, despite yesterday’s efforts by Kaspersky Lab and CrowdStrike that knocked offline and sinkholed the most recent version of the botnet.

According to a Seculert report, the indomitable botnet is using a Facebook worm to continue spreading itself and infecting new machines. Its command and control server is still capable of communicating with other members of the botnet.

Researchers at Seculert are reluctant to classify this as a ‘Kelihos.c’ (or three), claiming instead that this is the same botnet. Seculert says that the same criminals are still responsible for the network’s operation and, furthermore, have the capacity to regain control over sinkholed machines by using the Facebook worm mentioned above.

Whether or not the two botnets are of the same variant is merely a matter of semantics, but Kaspersky and CrowdStrike refute Seculert's claims that criminals can regain control of sinkholed machines.
