Microsoft keeps up the botnet pressure
Hot on the heels of Rustock and Waledac
September 27, 2011
Microsoft kills off a botnet by striking a domain provider
Microsoft has taken the Kelihos botnet offline and shut down the cz.cc subdomains by asking a U.S. court to order Verisign to shut down 21 Internet domains associated with the command-and-control servers that form the brains of the Kelihos botnet.
Kelihos? Though it doesn't appear to register among the biggies listed at M86 Security, it is the principle that matters. This was seen as a successor to Waledac -
"With somewhere between 42,000 and 45,000 infected computers, Kelihos is a small botnet. But, it was spewing out just under 4 billion spam messages per day -- junk mail related to stock scams, pornography, illegal pharmaceuticals and malicious software. Technically, the botnet looked a lot like Waledac, and some security experts think it may have been built by the same criminals."
Credit should also go to Kaspersky Lab for its role -
"Kaspersky Lab played a critical role in this botnet takedown initiative, leading the way to reverse-engineer the bot malware, crack the communication protocol and develop tools to attack the peer-to-peer infrastructure," said Tillmann Werner, a senior virus analyst with Kaspersky in Germany. "We worked closely with Microsoft's Digital Crimes Unit (DCU), sharing the relevant information and providing them with access to our live botnet tracking system," he added.