Microsoft confirms Kelihos botnet return on its radar

Microsoft has confirmed the latest evolution of the Kelihos botnet is on its radar, suggesting that a renewed takedown effort may be on the cards.

Microsoft Digital Crimes Unit assistant general counsel, Richard Boscovich, told V3 the company was aware of the new Kelihos variant, in a rare statement regarding its activities against specific botnets threats.

"Microsoft does not release details about its future botnet takedowns as this practice could prompt cybercriminals to pre-emptively adjust their operations," Boscovich said.

"However, this new variant of Kelihos is on Microsoft's radar and the company is monitoring the threat."

Boscovich comments follow on from the discovery of a third, more sophisticated version of the Kelihos botnet.

Security firms FireEye and Kaspersky spotted the new version of the botnet on Monday.

The evolved botnet is more dangerous than previous versions as it features so-called fast-flux capabilities, which make it harder for security firms to identify the command and control servers.

Kaspersky has since linked the new Kelihos botnet to the Nap Trojan discovered by security firm FireEye last week.

Microsoft had claimed to have taken down the botnet down by sinkholing the domains that Kelihos was using in 2011.

The tactic was meant to remove the attackers' ability to communicate with infected machines. The second takedown attempt in March 2012 used the same tactic.

Though unconfirmed, a third takedown attempt would be consistent with Microsoft's past botnet strategy.

Kelihos is one of many botnets Microsoft has tried to take down. Last week, the company reported it had taken down the Bamital botnet with help from Symantec.

Following the Bamital takedown, Microsoft told V3 it was already planning further takedown missions but did not specify any targets.