
Stricken Kelihos botnet rises from the dead
Botnet emerges to restart its campaign to compromise PCs

The Kelihos botnet that Microsoft claimed to have taken down last year has re-emerged with a bag of new tricks aimed at rebuilding at infecting computers, according to security researchers.
They have warned that the resurgent Kelihos botnet is being used to steal credentials, install malware and distribute millions of German stock-related spam messages.
According to Swiss researchers at the Abuse.ch blog, the new version of Kelihos is using a .eu domain in combination with so-called fast flux techniques.
Fast flux is a DNS technique used by botnet operators to mask malware hosting websites behind an constantly-changing network of compromised machines, which act as proxies.
Previously Kelihos had used domains associated with the Czech Republic.
Security firm GFI has also warned that a new variant of Kelihos is on the loose, with those behind it seemingly intent on rebuilding the botnet.
“Despite the best efforts of Microsoft and a number of security specialists, the Kelihos Botnet has continued to gain momentum in the wild,” GFI warned.
Microsoft said it had shut down the Kelihos botnet last September.
At the time, it said: “When Microsoft takes a botnet down, we intend to keep it down.”
One of the people that Microsoft had accused of running Kelihos has strenuously denied involvement.
He recently told Gazeta.ru that despite having worked for an anti-virus firm, he did not have the technical expertise to develop a botnet.
“I specialise in interior design, architecture software systems,” he said according to a Google translation of the interview.
Security firm Kaspersky Labs, which worked with Microsoft on the initial Kelihos takedown reported seeing new variants of the botnet as early as January 2012.
V3 contacted Microsoft and Kaspersky for comment on the revelations but had received no reply at the time of publication.
V3 Latest
BT plan to close down conventional fixed-line phone network by 2025 and go all-IP
BT wants to make the public switched telephone network history within eight years
Facebook Login hijacked by hidden web trackers, claim security researchers
Personal data being purloined by third parties via Facebook Login API
Apple: we've no plans to merger iOS and MacOS
MacOS and iOS are better off apart, says CEO Tim Cook
Oracle: Java SE 8 business users must buy a licence from January next year
Or they'll no longer be entitled to updates and bug patches