10 February 2012

Kaspersky Lab: Kelihos/Hlux Botnet Returns With New Techniques


After a successful joint effort with Microsoft’s Digital Crimes Unit (DCU) last year to block the dangerous Kelihos/Hlux botnet, which was responsible for widespread spamming activity, security experts at Kaspersky Lab have found that the botnet can still roam freely as long as the cybercriminals behind its operations remain at large.
Botnets are collectives of Internet-connected computers controlled by a single cybercriminal or a group of cybercriminals for the purpose of sending spam to as many computers as possible. Botnets are also used for denial-of-service (DoS) attacks on websites, slowing them down or taking them offline.

The Kelihos/Hlux botnet was among the largest botnets in the world. To stop it from infecting further computers, Microsoft and Kaspersky Lab teamed up last year to take it down, employing a “sinkhole” method in which the botnet’s traffic was redirected to empty servers controlled by Kaspersky Lab. Meanwhile, Microsoft’s DCU tracked down the botnet’s source domains and had them deregistered, cutting off the botnet’s ability to spread spam from other infected computers.
In recent weeks, however, Kaspersky Lab has found new versions of Kelihos/Hlux that use different encryption, which means the botmasters have a list of other active computers from which they can relaunch their attacks.
According to Kaspersky Lab expert Maria Garnaeva, the sinkholing technique used the first time can still be effective, but it has to be adapted to the new encryption methods being used by the original source of the botnet.
“It is possible to push an update tool on infected machines to neutralize the botnet. In this case, the botmasters need to infect machines again to build another botnet,” she added.
As with any effort to stop cybercrime, Garnaeva stressed that catching the person or persons behind the botnet is the most effective way to stop Kelihos/Hlux from spreading again.
“We believe that the most effective method to disable a botnet is finding the people who are behind it. Let’s hope that Microsoft will carry out its investigation to the end,” she said.
MB.COM.PH
