Another One Bites the Dust, Microsoft Burns Down Kelihos Botnet


It’s been only a week since Microsoft put the final stamp on their case against the Rustock botnet, and they’ve already pounced again—this time on equally notorious prey: the Kelihos network. In a particularly amusing twist of fate, Kelihos is also called “Waledac 2.0” due to how much code it allegedly shares with the first botnet that Microsoft took down.

The salient details are all posted on Microsoft’s official blog, but it looks like the software giant is using the same tactics that worked so effectively against both Rustock and Waledac: legal action against strategic points in the botnet’s command and control chain.

Microsoft has gone to the United States District Court for the Eastern District of Virginia and asked them to compel VeriSign to shut down 21 Internet domains associated with the botnet. The botnet’s command and control network ran between two IP addresses and 21 domains, according to Richard Domingues Boscovich, Senior Attorney, Microsoft Digital Crimes Unit.

However, taking out the command-and-control is only the first part of the plan. The infection needs to be swept out of cyberspace as well.

“Cleaning up computers infected with the botnet malware is also a very important part of every Microsoft botnet takedown operation,” wrote Boscovich, “and we are planning to work with Internet Service Providers (ISPs) and Community Emergency Response Teams (CERTs) to repair the damage caused by Kelihos as we have with Rustock and Waledac.” To help Windows users get a handle on their own security when it comes to botnet infections, the software giant has provided free tools and information on how to clean their computers and stay safe in the future.

Kelihos is not as large as other botnets that Microsoft has crushed in the past, but it weighs in at around 41,000 infected computers and it’s capable of sending 3.8 billion spam e-mails a day. Aside from infecting computers with malware and sending spam, Kelihos also steals confidential and personal information from its victims, such as names, Social Security IDs, credit card information, and the like, and transfers it back to the command and control centers of the network.

As I noted before, earlier last week Microsoft put the final nail in their case against the Rustock botnet and handed over their information to the FBI to continue any further criminal investigations. Botnets are often part of larger criminal organizations and maintain the infrastructure for tools of computer fraud that cross international boundaries and victimize millions of people a year.

Microsoft doesn’t sit still when it comes to protecting the computers running their software in the face of these threats. They even provide bounties—such as one back in July for $250k for information on the Rustock operators—to help grease the wheels of justice when it comes to taking down these criminal organizations.

Botnets will continue to be a scourge in the future, and there are many angles from which to attack them. In fact, I have postulated in the past that search engines like Google, browsers, and other common communication software apps could be modified to use big data and their interconnectivity to help fight them. Botnets are not invisible, and the data produced by them is certainly not surreptitious when viewed from above (although they might manage to hide from individual firewalls).

It’s good to see giant corporations like Microsoft working with the FBI and other international authorities to remove these diseases from the Internet.