Microsoft is preparing to release an updated version of the free Malicious Software Removal Tool designed to help identify and clean zombie computers that are part of the Kelihos / Waledac 2.0 botnet.
Richard Domingues Boscovich, Senior Attorney, Microsoft Digital Crimes Unit, announced on September 27, 2011 that the Redmond company had taken down Kelihos, which it believes was operated either by the same people as those behind Waledac 1.0 or by other cybercriminals using large portions of the original Waledac code.
Boscovich indicates that over 41,000 zombie PCs worldwide are infected with Kelihos, which makes it a small botnet. Nonetheless, since Microsoft managed to sever the links that allowed the attackers to command the computers under their control, the software giant has also started the cleaning process.
The Kelihos takedown was done in ‘Operation b79,’ Microsoft’s third Project MARS (Microsoft Active Response for Security) initiative, after the ones focused on the original Waledac and on Rustock.
“The Microsoft Malware Protection Center will add the Win32/Kelihos family in a second release of the Malicious Software Removal Tool later today to help minimize the malware’s future impact. And, as we have since the beginning of our botnet takedown initiative, we continue to provide free tools and information to help customers clean and regain control of their computers at http://support.microsoft.com/botnets,” Boscovich said.
At the same time, the software giant will do much more than simply release an updated version of the Malicious Software Removal Tool (MSRT).
“Cleaning up computers infected with the botnet malware is also a very important part of every Microsoft botnet takedown operation, and we are planning to work with Internet Service Providers (ISPs) and Community Emergency Response Teams (CERTs) to repair the damage caused by Kelihos as we have with Rustock and Waledac,” Boscovich added.
With the latest move against Kelihos / Waledac 2.0, Microsoft wants to send a clear message to cybercriminals: once the company has taken a botnet down, they need to let it die.
The Malicious Software Removal Tool (MSRT) is available for download here.