The Kelihos botnet which was killed by Microsoft and Kaspersky Labs in September is back for its expected sequel.
Microsoft and Kaspersky started in the original botnet horror flick, crippling the Kelihos botnet by forcing everyone in it to communicate with a tame computer leaving it to wither and die in what is called a “sinkhole”.
However, everyone knows that a monster like Kelihos will be back for at least three sequels, with most of the original cast dead by the second reel.
Kelihos II,”Back from the Sink Hole”, reveals that while everyone thought that it was a simple botnet serving up nearly 4 billion spam messages a day, promoting, among other things, pornography, illegal pharmaceuticals and stock scams, Kelihos was actually an evil Zombie botnet which can rise from the grave.
Part of the problem is that the computers that comprised Kelihos were still infected with its code and the controller of the botnet just used the botnet’s complex infrastructure of proxy servers and communication nodes to regain control.
Ram Herkanaidu, security researcher and education manager for Kaspersky Lab, said that unfortunately it was illegal for security experts to update infected machines to clean them up.
Even with the best intentions, that would be hacking. Because the good guys were too good, Kelihos is out and this time it is angry.
He seems to have emerged from hell with an updated form of encryption to mask the communication with the botnet controllers.
Two different RSA keys are being used for encryption, which means it is possible two different groups are controlling Kelihos.
Microsoft claims that Andrey Sabelnikov of St. Petersburg wrote the code for the botnet, although he says he is innocent.
Microsoft said it is working with Kaspersky on studying the latest Kelihos developments. This time the story will probably end with Kelihos dowsed in flames falling into the River Volga and everyone thinking they are safe again.
That is until Kelihos III, “this time it is personal.”