The Kelihos botnet that Microsoft claimed to have taken down last year has re-emerged with a bag of new tricks aimed at rebuilding at infecting computers, according to security researchers.
They have warned that the resurgent Kelihos botnet is being used to steal credentials, install malware and distribute millions of German stock-related spam messages.
According to Swiss researchers at the Abuse.ch blog, the new version of Kelihos is using a .eu domain in combination with so-called fast flux techniques.
Fast flux is a DNS technique used by botnet operators to mask malware hosting websites behind an constantly-changing network of compromised machines, which act as proxies.
Previously Kelihos had used domains associated with the Czech Republic.
Security firm GFI has also warned that a new variant of Kelihos is on the loose, with those behind it seemingly intent on rebuilding the botnet.
“Despite the best efforts of Microsoft and a number of security specialists, the Kelihos Botnet has continued to gain momentum in the wild,” GFI warned.
Microsoft said it had shut down the Kelihos botnet last September.
At the time, it said: “When Microsoft takes a botnet down, we intend to keep it down.”
One of the people that Microsoft had accused of running Kelihos has strenuously denied involvement.
He recently told Gazeta.ru that despite having worked for an anti-virus firm, he did not have the technical expertise to develop a botnet.
“I specialise in interior design, architecture software systems,” he said according to a Google translation of the interview.
Security firm Kaspersky Labs, which worked with Microsoft on the initial Kelihos takedown reported seeing new variants of the botnet as early as January 2012.
V3 contacted Microsoft and Kaspersky for comment on the revelations but had received no reply at the time of publication.
Small Texas cable firm alleges foul play
Facebook will join fores with UK NGOs to tackle hate speech on the social network
A survey of local authorities has found that they face challenges in the areas of data, compliance and mobility.
More than 800,000 home users could be affected