Posts Tagged ‘botnet’

Kelihos spam engine lives on

Wednesday, February 22nd, 2012

The Websense Security Labs Spam Trap system has detected a variant of Kelihos that is apparently still active.

Google Maps showing geographically how widespread the Kelihos command and control and peers infrastructure is, and therefore how well protected the botnet is.

“Kelihos is yet another example of how botnets shut down and reappear. Malware authors have a motive to get them up and running again. Websense Labs detected this new variant of Kelihos as we are constantly monitoring web and email exploits. More importantly, we are able to join the dots between these different attack vectors and protect against cybercriminals achieving their ultimate goal – stealing data,” said Carl Leonard, Senior Security Research Manager (EMEA), Websense Security Labs.

Over the last half a year, the spam engine Kelihos has attracted the attention of many people, including security company researchers and analysts.

Microsoft partnered with Kyrus Tech Inc. and Kaspersky Lab to take down the Kelihos botnet in September 2011.

However, Microsoft has recently confirmed, on its official blog, a new generation of Kelihos variants derived from the original Kelihos botnet.

Websense Security Labs has written up a detailed account of its investigations into this resilient nuisance.