Last September, in partnership with Microsoft’s Digital Crimes Unit (DCU), SurfNET and Kyrus Tech, Inc., Kaspersky Lab successfully disabled the dangerous Hlux/Kelihos botnet by sinkholing the infected machines to a host under our control. A few months later, our researchers stumbled upon a new version of the malware with significant changes in the communication protocol […]
This month, the MMPC added Win32/Dorkbot to the Microsoft Malicious Software Removal Tool along with detections for the threats Win32/Hioles, Win32/Pluzoks and Win32/Yeltminky. Win32/Dorkbot is described as an IRC-based botnet and a worm, a backdoor with rootkit capability and a password stealer. Despite using a very simple IRC protocol to communicate with the command and […]
It has been four months since Microsoft and Kaspersky Lab announced the disruption of Kelihos/Hlux botnet. The sinkholing method that was used has its advantages — it is possible to disable a botnet rather quickly without taking control over the infrastructure.However,as this particular case showed, it is not very effective if the botnet’s masters are […]
Latest Comments