In September, Microsoft announced it was part of an operation designed to shut down a criminal botnet that was based on the Kelihos malware program. Today another company, the software security firm CrowdStrike, announced it has also worked with other companies to shut down a Kelihos-based botnet that was even larger than the one closed by Microsoft.
CrowdStrike stated in their blog post that they worked with Dell SecureWorks, the Honeynet Project and Kaspersky to shut down the botnet. The network used Kelihos.B, which is a a successor of the original Kelihos program. While Microsoft's shut down involved 41,000 PCs, CrowdStrike claims that the botnet it closed down involved over 110,000 infected PCs. 84 percent of those PCs were running Windows XP.
CrowdStrike also released an infographic, shown below, which shows how the company and its partners closed down this latest botnet. Basically, the team reversed engineered the malware and then sent it out to the infected PCs in the botnet. The PCs in turn connect to a "sinkhole" that is controlled by CrowdStrike, thus eliminating their connection to the outside Internet.
News.com reports that this particular botnet was used to send out spam for some Canadian-based pharmaceutical companies. However, it also stole bitcoins, the controversial virtual currency, from a number of PCs.
Image via CrowdStrike
7 Comments - Add comment