Microsoft disables 41,000-strong Kelihos botnet

By on September 27, 2011, 7:08 PM

Microsoft added another notch to its belt today following the demise of a 41,000-strong botnet. Called Kelihos or Waledac 2.0, the zombie network was capable of sending 3.8 billion spam emails per day. While it isn't the biggest fish Microsoft has fried, this marks the first time it has named a defendant in a botnet case. One alleged operator has been personally notified of the actions against him as of 8:15AM Central Europe time on Monday.

In its Virginia federal court filing, Microsoft alleges that Dominique Alexander Piatti of the Czech Republic used the free domain service dotFREE Group to operate and control Kelihos -- namely with "cz.cc" domains. In addition to hosting Kelihos, cz.cc domains have previously appeared on Redmond's radar for delivering the MacDefender scareware. In May, Google temporarily blocked cz.cc addresses from its search results for hosting malware.

The complaint also includes 22 more "John Doe" defendants, but their identities are unknown. Such is the case with Microsoft's previous endeavors. In July, the company offered a $250,000 bounty for information that would lead to the identification and conviction of the individuals behind Rustock, a mammoth botnet Microsoft killed in March. Rustock was responsible for 47.5% of global spam in late 2010, sending 44.1 billion emails daily.

Repeating the formula that has worked in past cases, Microsoft killed Kelihos by seizing the domains largely responsible for issuing instructions to the infected computers. On September 22, the company filed for an ex parte temporary restraining order against Piatti, dotFREE Group SRO and the John Does, allowing the company to sever the known connections between Kelihos and its enslaved machines. Some of the cz.cc domains were admittedly being used for legitimate businesses and Microsoft is working with Piatti to get those sites back online.

Analysis revealed that much of Kelihos' code was borrowed from Waledac, which infected about 90,000 systems at its peak and was disabled by Redmond last year. "The Kelihos takedown is intended to send a strong message to those behind botnets that it's unwise for them to simply try to update their code and rebuild a botnet once we've dismantled it. When Microsoft takes a botnet down, we intend to keep it down -- and we will continue to take action to protect our customers and platforms and hold botherders accountable for their actions," Microsoft said.




User Comments: 11

Got something to say? Post a comment
PinothyJ said:

Anyone else just imagine Microsoft as a character from an old western film?

Just saying...

Guest said:

That is absolutely great! Now let's get the rest of the 60%.

Guest said:

@Guest. Unlikely, as others will be created.

Zerg Rush anyone? :P

Guest said:

Microsoft administering yet another enema to the interweb.

Guest said:

Thank You Microsoft

9Nails, TechSpot Paladin, said:

pinothyj said:

Anyone else just imagine Microsoft as a character from an old western film?

Just saying...

Must be the botherder comment. But, they are acting like the new Sherrif in town and have the big guns (code posse) that can take down botnets. /queue the tumbleweeds

1977TA said:

That's awesome GJ Microsoft! I admin a webmaster and privacy administrator account for a Fortune 500 company, needless to say I get a BUTTLOAD of spam. This is great news.

Guest said:

The ONLY way to get rid of these botnets is to stop using MICROSOFT!

Get a brain and then start using it!

1977TA said:

Guest said:

The ONLY way to get rid of these botnets is to stop using MICROSOFT!

Get a brain and then start using it!

Ah huh, 90+% of the world uses a Microsoft OS, not to mention their other products like MS Office that probably EVERY company is integrated with. You think we should all switch to iOS ( which is basically Linux ) ?

I think we people without a brain are going to be using some sort of MS product til we die.

gwailo247, TechSpot Chancellor, said:

Guest said:

The ONLY way to get rid of these botnets is to stop using MICROSOFT!

Get a brain and then start using it!

And the alternatives are OSX, which is too expensive when you consider it is linked to hardware, or Linux, which is a great OS for people who are complete computer nerds, but reality is cannot be given away for free as 99.999% of the people are not complete computer nerds.

So which of the two did you have in mind when you made your post?

Guest said:

The problem with OSx is that it requires very specific (and usually more expensive) hardware, it's also just a gussied up UNIX (read: Linux) distro.

The problem with Linux is not only is it slightly less user friendly (it's made great strides in recent years to make all of the basic functions very user friendly, but I still find myself needing to go into command window when I need to install a program), but that it's a fragmented environment. You've got Ubuntu, Red Hat, Debian, among dozens others, each one unique and different - and each one needing to be taught how to play nice with other OSs (with except maybe server distros of Linux). And on top of all this is Linux's memory issues. Yes, they're lighter, but they way it handles programs is inappropriate for the large and powerful programs of modern day (compared to what they were when Linux first said hello to the world).

While all these issues with Linux combine to create a "security by obscurity", that security is just an illusion and Linux is just waiting to be exploited. You need to stop thinking about security as "holes" and more as "stats from RPGs". A hole implies it is something that can be blocked, sealed up and fixed, when really you could never plug all the holes. But, if you think of security in terms of stats, then yo realize you can improve on your weaknesses and strengths so that there are fewer opponents with stats higher than your own (that are able to beat you, because of that), and also allows for a layer of chance to be involved.

Now, it's amazing that Microsoft is as secure as it is (with Windows 7 being ridiculous secure, it took months for hackers to find an exploit - when it normally takes them days or hours to find a weakness they can exploit). They are 90% of the market, including the fortune 500 companies - it's a very tempting, very valuable target. It has a high chance of at least some success, with an equally high chance of a massive pay off. Not only is the target bigger, but it's worth more too. So Microsoft has taken a proactive approach. Rather than cleaning up and fixing up after someone breaks their systems outright, they've started fighting back by taking these botnets down as quickly as they can (instead of just trying to keep them out of their customer's machines).

Considering they have every hacker out there taking aim at their products (thousands, if not millions, against their hundreds, maybe thousands of programers), they're doing a remarkable job at staying ahead of the curve and keeping their users machine as safe as possible

Of course, there's the human factor - and that's a whole other issue.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.