Another Kelihos-based botnet shut down

In September, Microsoft announced it was part of an operation designed to shut down a criminal botnet that was based on the Kelihos malware program. Today another company, the software security firm CrowdStrike, announced it has also worked with other companies to shut down a Kelihos-based botnet that was even larger than the one closed by Microsoft.

CrowdStrike stated in its blog post that it worked with Dell SecureWorks, the Honeynet Project and Kaspersky to shut down the botnet. The network used Kelihos.B, a successor of the original Kelihos program. While Microsoft's shutdown involved 41,000 PCs, CrowdStrike claims that the botnet it closed down involved over 110,000 infected PCs. 84 percent of those PCs were running Windows XP.

CrowdStrike also released an infographic, shown below, which shows how the company and its partners closed down this latest botnet. Basically, the team reverse engineered the malware and then sent its own code out to the infected PCs in the botnet. The PCs in turn connect to a "sinkhole" controlled by CrowdStrike, thus eliminating their connection to the outside Internet.

News.com reports that this particular botnet was used to send out spam for some Canadian-based pharmaceutical companies. However, it also stole bitcoins, the controversial virtual currency, from a number of PCs.

Image via CrowdStrike


7 Comments


Pikey said,
Interesting stats ... seems to imply that XP has problems with this particular malware.

Yet another reason to toss XP. Chances are that those infected / appropriated XP boxes had little or no protection and / or were openly exposed to sites that distributed the botnet payload code.

still1 said,
Good job MS... I have seen a lot less spam for about a year.

Did you read the article? This botnet was shut down by CrowdStrike in partnership with Dell SecureWorks / Kaspersky etc. Not by Microsoft.