Microsoft provides some clarifications regarding the return of Kelihos

Feb 4, 2012 11:57 GMT  ·  By

After Kaspersky revealed that the Kelihos botnet they terminated back in September in a partnership with Microsoft and Kyrus Tech Inc. may have returned, the Redmond company comes forward with some clarifications, arguing that this is actually a new version of the Kelihos malware that’s being used to create a new botnet.

The new malware variant is called “Backdoor:Win32/Kelihos.B” and it appears to be based on the initial malware’s code, but it is slightly updated, and there is no evidence that the botnet that was taken down previously has returned to the control of the cybercriminals.

Furthermore, it is believed that this variant is based in part on Waledac, a botnet terminated by Microsoft at the beginning of 2010, but this doesn’t come as a surprise, since it is well known that malware authors often reuse code from previous versions.

“Analysis of these samples and continuing observations of Kelihos-infected computers have demonstrated no known re-employment of the original Kelihos botnet by botherders,” Richard Domingues Boscovich, senior attorney at Microsoft Digital Crimes Unit said.

Currently, neither Microsoft nor Kaspersky can provide precise numbers to indicate the size of this potentially new botnet, but Kaspersky’s analysis reveals that the size of the old botnet dropped by 25% in the past two months.

It is estimated that the old botnet is far smaller than initially thought, with fewer than 10,000 computers still infected. This number may seem large, but considering that the botnet had infected 41,000 devices at the time it was taken down, the progress is significant.

Users who suspect their computers may still be part of the botnet are advised to install security solutions to help them get rid of the malicious elements. Microsoft offers a support page specially dedicated to removing botnets from potentially infected PCs.