Kelihos. In it is still alive and socially dangerous

On the official blog of Kaspersky Lab there was information on interaction with CrowdStrike Intelligence Team, Honeynet Project and Dell SecureWorks for the purpose of prevention of activity and distribution of the new botnet Kelihos. B. The companies through joint efforts unrolled global P2P-network of under control hosts and on March 21, 2012 initiated synchronized process of distribution of its IP address. During the day "popularity" of a trap sharply grew, and the number of the PCs which pecked on a trick increased several times. After six days the number of the bots which are in a trap reached 116 thousand. Most of them was located in the territory of Poland and the USA.

Growth of quantity of the bots which came across a trick

Versions of OS of the infected computers

Geographical distribution of the infected computers

In September, 2011 LK in cooperation with SurfNET, Kyrus Tech and division of Digital Crimes Unit (DCU) of Microsoft company stopped activity of the previous version of the botnet Hlux/Kelihos, having redirected the infected computers per under control host. Operation on neutralization of network of bots took place Operation b79 code-named. Unfortunately, after several months specialists of LK detected considerably more modified version of the malware capable to infect flash drives and to provide unauthorized access to e-wallets. She also received the commonly accepted name Kelihos. Century.

Unlike the colleagues from LK specialists of Seculert company are not so optimistic. Judging by the message in its official blog, Kelihos. In still continues to extend on Facebook network, to infect new PCs and to actively send spam. Some experts are inclined to explain it with emergence of one more version of Kelihos. With, however Seculert does not separate this point of view. By the way, from the moment of emergence of Kelihos experts of Seculert counted over 70 thousand infected accounts of Facebook.