• Latest

Kaspersky Lab, Kyrus Tech and Microsoft Disable the Hlux/Kelihos Botnet

30 September, 2011
China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

19 December, 2020
Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

18 December, 2020
TEMSA: Bus exports to be delivered to the heart of the European Union

TEMSA: Bus exports to be delivered to the heart of the European Union

18 December, 2020
EU tries to reshape the rules of the Internet

EU tries to reshape the rules of the Internet

17 December, 2020
Matterport Brings 3D Capture to the iPhone

Matterport Brings 3D Capture to the iPhone

5 May, 2020
NASA Administrator Statement on Agency Coronavirus Status

NASA Administrator Statement on Agency Coronavirus Status

15 March, 2020
Technology Supports Social Distancing in age of Covid-19

Technology Supports Social Distancing in age of Covid-19

15 March, 2020
Second Staff Exchange Between EU CyberSecurity Organizations

Second Staff Exchange Between EU CyberSecurity Organizations

19 February, 2020
Iranian Professor on the Iran-US escalation: “Iranians expected to hear a clear and steadfast condemnation from Turkish authorities over Soleimani’s death”

Iranian Professor on the Iran-US escalation: “Iranians expected to hear a clear and steadfast condemnation from Turkish authorities over Soleimani’s death”

16 February, 2020
Badly Trained Spam – Only A Quarter of Brits Train their Spam Filter

Badly Trained Spam – Only A Quarter of Brits Train their Spam Filter

6 February, 2020
Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

31 January, 2020
Turkish Competition Authority’s Android Decision

Turkish Competition Authority’s Android Decision

18 December, 2019
  • About Us
  • Contact Us
  • Homepage
  • Latest News
  • News Widget
  • Privacy Policy
Monday, March 27, 2023
Social icon element need JNews Essential plugin to be activated.
  • Login
  • Register
Globaltelconews
Advertisement
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy
No Result
View All Result
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy
No Result
View All Result
Globaltelconews
No Result
View All Result

Kaspersky Lab, Kyrus Tech and Microsoft Disable the Hlux/Kelihos Botnet

globaltelconews-admin by globaltelconews-admin
30 September, 2011
in English
0

Abingdon, UK, 30 September In their ongoing assault against botnet operators and the hosting companies that allow anonymous domain registrations which facilitate them, Kaspersky Lab, Microsoft and Kyrus Tech have successfully worked together to take out the Kelihos botnet, originally named Hlux by Kaspersky Lab. Kelihos was used for delivering billions of spam messages, stealing personal data, performing DDoS attacks and many other criminal activities, via an estimated 40,000 computers. Microsoft has also taken legal action against 24 individuals in connection with the infrastructure behind the botnet, in a civil case that enabled the takedown of the domains being used to command and control the botnet. Microsofts legal action included declarations submitted to court, to which contributions were made by Kaspersky Lab, and also a direct declaration from Kyrus Tech, providing detailed information and evidence regarding the Kelihos botnet.

Kaspersky Lab has played a pivotal role in taking down the botnet, tracking it since the beginning of 2011, when it started collaborating with Microsoft in tackling Kelihos, including sharing its live botnet tracking system with the US company. Kaspersky Lab has also ensured that the botnet cannot be controlled anymore, and continues to make sure that this is the case. Its specialists reversed-engineered the code used in the bot, cracked the communication protocol, discovered the weaknesses in the peer-to-peer infrastructure, and developed the corresponding tools to counteract it. Since the offending domains used in the botnet have gone offline via court orders Microsoft had secured, Kaspersky Lab has been sinkholing the botnet by getting inside its complex internal communications to bring it under control.

Acknowledging Kaspersky Labs active involvement in taking down the botnet, Richard Boscovich, senior attorney with the Microsoft Digital Crimes Unit, said: “Kaspersky Lab played a key role in this operation by providing us with unique and in-depth insight based upon its technical analysis and understanding of the Kelihos botnet.

This contributed to both a successful takedown and as evidence for declarations made about the analysis and structure of the botnet. We are grateful for its support in this matter and its determination to make the Internet safer.”

Speaking of the continuing role Kaspersky Lab is playing in controlling Kelihos, Tillmann Werner, senior malware analyst of Kaspersky Lab Germany, said: Since Kaspersky Labs sinkholing operation began on 26 September, the botnet has been inoperable. And since the bots are communicating with Kaspersky Labs machine now, data mining can be conducted to track infections per country, for example. So far, Kaspersky Lab has counted 61,463 infected IP addresses, and is working with the respective ISPs to inform the network owners about the infections.

Kelihos is a peer-to-peer botnet. It consists of layers of different kinds of nodes: controllers, routers and workers. Controllers are machines presumably operated by the gang behind the botnet. They distribute commands to the bots and supervise the peer-to-peer network’s dynamic structure. Routers are infected machines with public IP addresses. They run the bot by sending out spam, collecting email addresses, sniffing out user credentials from the network stream, etc.

Microsoft has announced that its Malware Protection Center has added detection for the Kelihos malware to its Malicious Software Removal Tool. Since this tool is well-distributed, the number of infections that have already been cleaned up is significant.
Co-operation between Kaspersky Lab and Microsoft has been ongoing now for some time. Notable recent collaboration includes that of the infamous Stuxnet worm, which hacked industrial control systems like those used in Irans nuclear programs.

Kaspersky Lab would like to thank SURFnet for its support in the operation, and especially for providing the perfect infrastructure to run the sinkhole.

Previous Post

New Higher-capacity Transatlantic Internet Links Between Europe and the USA

Next Post

Morto Worm: Stay Alert and Take Precautions Now Warns NetFort

Next Post

Morto Worm: Stay Alert and Take Precautions Now Warns NetFort

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Navigation

  • Authors
  • Author Login
  • Author Application
  • Advertisement
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Sitemap
Social icon element need JNews Essential plugin to be activated.

© 2018 Globaltelconews.com

No Result
View All Result
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy

© 2018 Globaltelconews.com

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In