Submission: Kaspersky Takes Down Kelihos Botnet Again, Expects Return (threatpost.com)
Gunkerty Jeb writes: For the second time in six months, researchers from the Russian antivirus company, Kaspersky Lab, carried out an operation to take down the newest iteration of the Kelihos botnet, also known as "Hlux."
Kaspersky Lab said it will "sinkhole" the botnet — taking control of the botnet's command and control servers and preventing them from distributing any more malicious content. While the private firm does not have the legal authority to sanitize infected machines, Kaspersky will contact the Internet service providers (ISPs) whose customers are infected, and hope they take action.
Despite their success, the re-emergence of Kelihos just months after being "taken down" in a similar, coordinated effort underscores the difficulty of wrangling global networks of infected computers. Tillmann Werner of CrowdStrike and Kaspersky Lab's Marco Preuss warned on Wednesday that Kelihos will emerge again.