Kelihos botnet is making a comeback

In September, Microsoft announced that it had helped to shut down the Kelihos botnet, an infected network of 41,000 PCs that had, among other things, sent out billions of spam email messages. In January, Microsoft named Russia-based Andrey N. Sabelnikov as a defendant in its lawsuit against the botnet. Sabelnikov has since declared his innocence.

But was all that work for nothing? PCWorld.com reports that the Kelihos botnet seems to be back in operation. The reason is that all of the PCs in the botnet are still infected with the code created by the people behind it. While Microsoft and others shut down the botnet by forcing the infected PCs to communicate with a PC they controlled, it appears that the network's creators have devised a way to regain control of the botnet.

According to Ram Herkanaidu, a security researcher and education manager for Kaspersky Lab, "We could have issued an update to those machines to clean them up, but in several countries that would be illegal."

For its part, Microsoft said in a statement it is working with Kaspersky Lab to monitor the botnet's activities. There's no word on what new actions Microsoft might take to bring down the botnet once and for all.


18 Comments


Flatval said,
So which is it:

infected network of computers?

or

network of infected computers?

A botnet is a network of infected/owned (unknown to its users) Windows computers.

alexalex said,

A botnet is a network of infected/owned (unknown to its users) Windows computers.

It doesn't just have to be Windows computers.

DKAngel said,

It doesn't just have to be Windows computers.

No, it does not, but there are no known Mac or Linux botnets, while there are tens of millions of Windows PCs bot-netted.

Did you know that Microsoft's Windows Update won't update an infected Windows PC, leaving it insecure?
If during the MRT scanning process a virus, rootkit, botnet, etc. is found, the security update will cancel until the PC is clean.

If Microsoft had control of the botnet, why didn't they just force every computer that it was installed on to open a website on Microsoft's own computers that told the owner they were infected every hour or so? That's not forcing an update or anything, and it informs the user of the issue.

Kelxin said,
If Microsoft had control of the botnet, why didn't they just force every computer that it was installed on to open a website on Microsoft's own computers that told the owner they were infected every hour or so? That's not forcing an update or anything, and it informs the user of the issue.

Because such an action would be illegal.

Sraf said,

Because such an action would be illegal.

That's just ridiculous. If these things need to be resolved then a law needs to pass to allow the major software companies who own the OS to deploy emergency updates.

witalit said,

That's just ridiculous. If these things need to be resolved then a law needs to pass to allow the major software companies who own the OS to deploy emergency updates.

You forget, whenever anyone tries to pass a law that has anything to do with the internet and forcing users to do something, people throw a hissy fit and turn it into a big political hullabaloo.

GOD I love that word. Hullabalooooooooo.

Dot Matrix said,
Sounds like people aren't installing system updates. Shame, shame.
Most likely. Most people would click "remind me later" or "postpone".

Botnets don't ever really die unless you kill the master machine controlling the bots, that is the point of a botnet...

De.Bug said,
Botnets don't ever really die unless you kill the master machine controlling the bots, that is the point of a botnet...

No, if for example they're IRC clients just waiting for IRC commands, you kill the server, the clients are all still there attempting to connect.
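The article describes the takedown as redirecting the infected PCs to a machine the defenders controlled, and the last comment above makes the practical point that the clients are all still there, retrying their connection after the server is gone. From a defender's side that behaviour is exactly what lets you find the hosts that still need cleaning: they keep reaching out to the old controller address at a regular interval. The following is an added example, not code from the article, PCWorld, Microsoft or Kaspersky Lab; the log format, the IP addresses (documentation ranges) and the timestamps are all constructed for illustration.

```python
"""Find hosts that keep beaconing to a sinkholed controller address.

Added example, not from the article or its comments. It assumes a
simple line-per-connection firewall export; the field layout below and
the sample data are constructed, not taken from any real log.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log (not real data). Assumed format:
# "<ISO timestamp> src=<ip> dst=<ip> dport=<port> action=<allow|deny|refused>"
SAMPLE_LOG = """\
2012-02-02T10:00:00 src=10.0.0.5 dst=192.0.2.10 dport=80 action=refused
2012-02-02T10:10:01 src=10.0.0.5 dst=192.0.2.10 dport=80 action=refused
2012-02-02T10:20:00 src=10.0.0.5 dst=192.0.2.10 dport=80 action=refused
2012-02-02T10:30:02 src=10.0.0.5 dst=192.0.2.10 dport=80 action=refused
2012-02-02T10:05:00 src=10.0.0.7 dst=192.0.2.10 dport=80 action=refused
2012-02-02T10:03:17 src=10.0.0.9 dst=198.51.100.20 dport=443 action=allow
2012-02-02T11:41:03 src=10.0.0.9 dst=198.51.100.20 dport=443 action=allow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\S+)$"
)

# Placeholder for the address the takedown pointed the bots at
# (192.0.2.10 is a documentation address, chosen for this example only).
SINKHOLE_ADDRESSES = {"192.0.2.10"}


def parse_lines(text):
    """Parse the assumed log format into dicts; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "src": m["src"],
            "dst": m["dst"],
            "dport": int(m["dport"]),
            "action": m["action"],
        })
    return events


def hosts_contacting_sinkhole(events):
    """Every source that touched a sinkholed address at all: each one is still infected,
    even if it was only seen once (the takedown did not clean the host)."""
    return {e["src"] for e in events if e["dst"] in SINKHOLE_ADDRESSES}


def find_beaconing_hosts(events, min_attempts=3, max_jitter_seconds=60):
    """Sources that retry a sinkholed address at a steady interval.

    Returns {src: {"attempts": n, "interval_s": median gap in seconds}} for
    hosts with at least min_attempts contacts whose gaps all lie within
    max_jitter_seconds of the median gap, i.e. the clockwork retry loop
    a bot runs after its controller disappears.
    """
    by_src = defaultdict(list)
    for e in events:
        if e["dst"] in SINKHOLE_ADDRESSES:
            by_src[e["src"]].append(e["ts"])

    results = {}
    for src, stamps in by_src.items():
        stamps.sort()
        if len(stamps) < min_attempts:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        med = median(gaps)
        if max(abs(g - med) for g in gaps) <= max_jitter_seconds:
            results[src] = {"attempts": len(stamps), "interval_s": med}
    return results


if __name__ == "__main__":
    evts = parse_lines(SAMPLE_LOG)
    print("still infected:", sorted(hosts_contacting_sinkhole(evts)))
    print("regular beaconers:", find_beaconing_hosts(evts))
```

On the constructed sample, 10.0.0.5 is reported as a regular beaconer (four refused attempts roughly ten minutes apart) and 10.0.0.7 is still listed as infected after a single contact; the allowed traffic from 10.0.0.9 to an unrelated address is ignored. The two functions are deliberately separate: any contact with the sinkhole is enough to put a host on the cleanup list, while the interval check is what distinguishes an automated retry loop from a one-off lookup when you don't yet have a trusted list of controller addresses.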