The Kelihos botnet that Microsoft claimed to have taken down last year has re-emerged with a bag of new tricks aimed at rebuilding at infecting computers, according to security researchers.
They have warned that the resurgent Kelihos botnet is being used to steal credentials, install malware and distribute millions of German stock-related spam messages.
According to Swiss researchers at the Abuse.ch blog, the new version of Kelihos is using a .eu domain in combination with so-called fast flux techniques.
Fast flux is a DNS technique used by botnet operators to mask malware hosting websites behind an constantly-changing network of compromised machines, which act as proxies.
Previously Kelihos had used domains associated with the Czech Republic.
Security firm GFI has also warned that a new variant of Kelihos is on the loose, with those behind it seemingly intent on rebuilding the botnet.
“Despite the best efforts of Microsoft and a number of security specialists, the Kelihos Botnet has continued to gain momentum in the wild,” GFI warned.
Microsoft said it had shut down the Kelihos botnet last September.
At the time, it said: “When Microsoft takes a botnet down, we intend to keep it down.”
One of the people that Microsoft had accused of running Kelihos has strenuously denied involvement.
He recently told Gazeta.ru that despite having worked for an anti-virus firm, he did not have the technical expertise to develop a botnet.
“I specialise in interior design, architecture software systems,” he said according to a Google translation of the interview.
Security firm Kaspersky Labs, which worked with Microsoft on the initial Kelihos takedown reported seeing new variants of the botnet as early as January 2012.
V3 contacted Microsoft and Kaspersky for comment on the revelations but had received no reply at the time of publication.
Leaks indicate that launch of AMD APUs with integrated Vega graphics is just around the corner
Facebook CISO Alex Stamos defends company over claims company network is 'run like a college campus'
Stamos explains: Facebook engineers enjoy a lot of autonomy, it's not disorganised and chaotic
HMRC refusal over VAT payment schedule forces 22-year-old computer reseller to the wall
AMD claims updates to Radeon ProRender will speed-up 3ds Max rendering by up to 35 per cent