Botnet shutdown success story - again: disabling the new Hlux/Kelihos botnet

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

Botnet shutdown success story - again: disabling the new Hlux/Kelihos botnet
Hlux-kelihos-kaspersky.jpg
Botnet Kelihos, Hlux
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 28 mars 2012
Editor/Conference Kaspersky lab
Link http://www.securelist.com/en/blog/208193431/Botnet Shutdown Success Story again Disabling the new Hlux Kelihos Botnet (Archive copy)
Author Stefan Ortloff
Type

Abstract

Last September, in partnership with Microsoft’s Digital Crimes Unit (DCU), SurfNET and Kyrus Tech, Inc., Kaspersky Lab successfully disabled the dangerous Hlux/Kelihos botnet by sinkholing the infected machines to a host under our control.

A few months later, our researchers stumbled upon a new version of the malware with significant changes in the communication protocol and new “features” like flash-drive infection, bitcoin-mining wallet theft.

Now, we are pleased to announce that we have partnered with the CrowdStrike Intelligence Team, the Honeynet Project and Dell SecureWorks to disable this new botnet.

Last week, we set up worldwide distributed machines for this sinkholing operation and on Wednesday, March 21, we finally began the synchronized propagation of our sinkhole IP-adress to the peer-to-peer network.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR964,
   editor = {Kaspersky lab},
   author = {Stefan Ortloff},
   title = {Botnet shutdown success story - again: disabling the new Hlux/Kelihos botnet},
   date = {29},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://www.securelist.com/en/blog/208193431/Botnet_Shutdown_Success_Story_again_Disabling_the_new_Hlux_Kelihos_Botnet}},
 }