Dismantled by Microsoft and Kaspersky Labs, the Kelihos botnet is showing signs of life.
Apparently it is very difficult to silence a botnet completely. Last September, Microsoft announced that it had dismantled Kelihos. The operation was conducted with the assistance of Kaspersky Labs, with Microsoft relying on legal filings.
The Russian security vendor was called on to take control of the botnet through sinkholing, a technique in which the defenders, rather than the operators, communicate with the infected machines under the botnet's control.
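To make the sinkholing idea concrete, here is an added example written for this article (it is not Kaspersky's or Microsoft's code and does not reproduce how Kelihos was actually taken over). It models a DNS sinkhole: queries for the botnet's command domains are answered with an address the defenders control, and the query log is then triaged to list the hosts that are still running the bot, which is exactly the inventory a clean-up operation would need. The domain names, the sinkhole address and the log lines are constructed placeholders; the log format is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed placeholders for this example. In a real takedown the command
# domains come from the investigation and the sinkhole address belongs to a
# server the defenders operate.
SINKHOLED_DOMAINS = frozenset({"c2-example-one.invalid", "c2-example-two.invalid"})
SINKHOLE_IP = "192.0.2.10"  # documentation address range, not a real host


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def is_sinkholed(name):
    """True if the name, or any parent domain of it, is on the sinkhole list."""
    labels = normalize(name).split(".")
    # Check the full name and each parent domain (a.b.c -> b.c -> c).
    return any(".".join(labels[i:]) in SINKHOLED_DOMAINS for i in range(len(labels)))


def resolve(name, upstream):
    """Answer one DNS query.

    A sinkholed name is answered with the sinkhole address, so the infected
    machine connects to the defenders' server instead of the operators'.
    Anything else is passed to `upstream`, a callable taking the normalized
    name. Returns (address, sinkholed_flag).
    """
    name = normalize(name)
    if is_sinkholed(name):
        return SINKHOLE_IP, True
    return upstream(name), False


# Assumed log format for this example: "<timestamp> <client-ip> query <name>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+query\s+(?P<name>\S+)$"
)


def triage(log_lines):
    """Map each client that asked for a sinkholed name to the names it asked for.

    The hosts in the result still run the bot and are the ones that need
    clean-up. Lines that do not match the log format are skipped.
    """
    infected = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        name = normalize(m.group("name"))
        if is_sinkholed(name):
            infected[m.group("client")].add(name)
    return dict(infected)


# Constructed sample log: two hosts still beacon to command domains, one does not.
SAMPLE_LOG = [
    "2012-01-30T10:00:01Z 10.0.0.5 query c2-example-one.invalid",
    "2012-01-30T10:00:02Z 10.0.0.7 query www.example.org",
    "2012-01-30T10:00:03Z 10.0.0.5 query sub.c2-example-two.invalid",
    "2012-01-30T10:00:04Z 10.0.0.9 query c2-example-one.invalid.",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for client, names in sorted(triage(SAMPLE_LOG).items()):
        print(client, sorted(names))
```

The parent-domain check in `is_sinkholed` matters because bots often contact subdomains of a command domain; without it, `sub.c2-example-two.invalid` would slip past the sinkhole. `triage` is the defender's view of the same data: once the sinkhole is answering, every client that queries a listed name is a machine that still carries the infection.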
The malicious code was not cleaned from the machines infected with Kelihos (also known as Hlux), however, which quickly led to new signs of life. "We could have issued an update to those machines to clean them up, but in several countries this would be illegal", declared a security researcher at Kaspersky Lab.
Cybercriminals have once again taken control of the botnet, and new variants have also been released. According to Kaspersky Lab, it is still possible to neutralize the botnet by sinkholing, but with slightly different techniques.
For this to be fully effective, the vendor has to draw on the investigation conducted by Microsoft to find the people hiding behind the botnet. Last week, Microsoft filed legal papers in the United States accusing a Russian developer, who had previously worked for an antivirus and firewall company, of being the primary person behind Kelihos. The individual has denied all accusations.