Security experts from Kaspersky Lab, CrowdStrike Intelligence Team, the Honeynet Project, and Dell SecureWorks have successfully downed a variant of the Kelihos botnet. The original 41,000-computer botnet was disabled by Microsoft and Kaspersky Lab back in September, but a second, larger variant was discovered in February. The team of security researchers was able to down the new version by infiltrating the peer-to-peer network with fake clients designed to sinkhole other computers on the network.
Second Kelihos botnet downed, 116,000 machines freed
Security researchers have downed a second variant of the Kelihos botnet, disabling over 116,000 machines.


“A few hours after we started our takedown operation, the bot-herders tried to take countermeasures by rolling out a new version of their bot,” says Kaspersky Lab expert Stefan Ortloff. The team was able to maintain control of the infected machines, and after six days more than 116,000 bots were connecting to its sinkhole. Kaspersky revealed to ZDNet that this second Kelihos variant could be the fifth version by one particular botnet gang, based on similar code to the original Kelihos.











