Feeds

back to article Kelihos botnet BACK FROM THE DEAD

The spam-spewing Kelihos botnet has returned from the dead. Microsoft collaborated with Kaspersky Lab to run a successful takedown operation last September. The takedown decapitated the botnet by shutting down command-and-control server nodes, directing the bots on infected computers to contact a server under the control of …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Correction?

"common-and-control" should be command-and-control?

Also, SHOOT IT IN THE HEAD!!!!111

0
0
Silver badge
Headmaster

New link

There is a new "report corrections" link, if you notice...

3
1
Anonymous Coward

No there's not

Not from the mobile version of the site it seems. I looked before I posted and just checked again. Nada :(

1
1
Anonymous Coward

"a Russian national was involved..."

Do they award them medals in Russia?

0
0

This post has been deleted by its author

Silver badge
Coat

No, in Soviet Russia, the medials award the nationals instead.

(Sorry, it had to be said!)

0
0
Bronze badge
Thumb Down

Duuuh!

"A deliberate decision was taken NOT to patch infected machines, a problematic process that's illegal in some countries. Instead it was left to users to fix the security on their compromised machines."

You can't put a Bandaid on a huge gaping wound and expect it to heal. Seriously I don't care what the ramifications may be (Like it causing the infected computers to crash and if so good riddance to them). They should just fucking do it!

1
3
Bronze badge

Right, even more: running MS Windows is akin to treating wounds with salt.

1
5
Ru
Stop

They should do nothing of the sort

That is a law enforcement job, not that of a commercial software company. Not only would they be exposing themselves to prosecution (it is vigilantism, effectively) but I've no doubt that some entireprising individuals could arrange civil suits too.

What is needed is sensible, coordinated support by national law enforcement agencies. Now all we need are senisble law enforcement agencies who actually understand what a botnet is...

4
0
Bronze badge
Thumb Down

@They should do nothing of the sort

From an old copy of the EULA:

"You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer."

This is precisely the sort of thing that would be a valid use of this clause.

And how is telling the machines to look elsewhere for commands any different, other than the size of change?

0
1
Ru

Quite

It isn't any different, really.

As for the EULA, they make for pretty treacherous legal footing for all concerned. If nothing else, unless MS provided the trojan in question, they have no right to make changes to its configuration!

0
0
Silver badge
Facepalm

It could get tricky

I might be running a 'botnet' that has perfectly legitimate and essential uses (such as monitoring and controlling medical equipment for home care patients) and uses similar techniques to the spam code. If my application code is a commercial secret (of course it is), then how do Microsoft know that a specialised patch to stop the spam botnet wouldn't disrupt my application and screw up many people in a bad way?

(Before anyone says it, I know it should be running on a specialised Linux appliance.)

0
0
Anonymous Coward

Few things

1. EULA's have been proven pretty much usless in court. Also they can patch their software, they cannot alter other software, i.e. forcibly remove the "program". By using AV, you are giving that explit consent.

2. "And how is telling the machines to look elsewhere for commands any different, other than the size of change?"....

The didn't connect to the pc's. They interupted the C&C servers, for whih they had court orders for.

Most people probebrly haven't patched as they are proberbly dodgy copies.

0
0
Silver badge
Stop

@Jess

There does appear to be a bit of a difference between "provid[ing] upgrades and fixes to the Product" and "ramming upgrades and fixes to the Product down the unsuspecting Throat of the User without his/her Consent". While I would welcome the former, I'm basically not interested in the latter.

0
0
Anonymous Coward

"Almost inevitably many........." PC owners have very little knowledge and ZERO motivation to learn leaving us ALL to suffer the consequences.

1
1
Thumb Up

popups

In the same was that windows had popups informing of WGA / non genuine keys a few years back why not have a pop up that says your pc is infected?

It doesn't affect the DPA or the CMA since nothing has been removed.

1
0

The most obvious problem I can see is that your average user might think it's a pop-up screen from a piece of malware & do what they've been told to do so many times, & ignore it

4
0
Anonymous Coward

Warning dialogs are of no use, as that is how the fake anti-virus scams get onto the computer in the first place.

Fake AV comes in via some unpatched product like Java, Acrobat or Windows. It then deletes the legitimate anti-virus product and pops up convincing looking windows of its own. Those windows will look like Microsoft's own Security Centre and will include an "anti-virus" warning which guides you to pay up $50 to have your PC "cleaned". These even include UK Call Centres now!!

I am constantly dealing with this stuff. Speedily mutating products which keep finding ways round many legit anti-virus products. Good fun to kill though - I enjoy the challenge of tracking their tricks. And dumb users keep me in work

0
0

The fact that people fall for this sort of trick is exactly the reason why it should have been used to clean the machines. Remember these people have got their machines infected (probably by following a dodgy popup instruction) so it is absolutely correct to aim a legitimate popup at them as they obviously follow these sorts of instructions.

Yes, we tell them every day that it's a ruse and should never be trusted but have they listened?

1
0
This topic is closed for new posts.