clock menu more-arrow no yes

Filed under:

Second Kelihos botnet downed, 116,000 machines freed

New, 9 comments

Security researchers have downed a second variant of the Kelihos botnet, disabling over 116,000 machines.

cluster of locks security privacy stock 1024
cluster of locks security privacy stock 1024

Security experts from Kaspersky Lab, CrowdStrike Intelligence Team, the Honeynet Project, and Dell SecureWorks have successfully downed a variant of the Kelihos botnet. The original 41,000-computer botnet was originally disabled by Microsoft and Kaspersky Lab back in September, but a second larger variant was discovered in February. The team of security researchers were able to down the new version by infiltrating the peer-to-peer network with fake clients designed to sinkhole other computers on the network.

"A few hours after we started our takedown operation, the bot-herders tried to take countermeasures by rolling out a new version of their bot," says Kaspersky Lab expert Stefan Ortoff. The team were able to maintain control of the infected machines and after six days more than 116,000 bots were connecting to its sinkhole. Kaspersky revealed to ZDNet that this second Kelihos variant could be the fifth version by one particular botnet gang, based on similar code to the original Kelihos.