According to a Seculert report, the indomitable botnet is using a Facebook worm to continue spreading itself and infecting new machines. Its command and control server is still capable of communicating with other members of the botnet.
Researchers at Seculert are reluctant to classify this as a ‘Kelihos.c’ (or three), claiming instead that this is the same botnet. Seculert says that the same criminals are still responsible for the network’s operation and, furthermore, have the capacity to regain control over sinkholed machines by using the Facebook worm mentioned above.
Whether or not the two botnets are of the same variant is merely a matter of semantics, but Kaspersky and CrowdStrike refute Seculert's claims that criminals can regain control of sinkholed machines.