
Kaspersky Lab sets record straight on Kelihos botnet takedown

In a press release sent to journalists on Friday, Kaspersky Lab stressed that it was integral to the takedown of the Kelihos botnet, which was used to deliver billions of spam messages, steal personal data, perform distributed denial of service (DDoS) attacks, and carry out other criminal activities using a network of 40,000 infected computers.

The release came a few days after Microsoft claimed responsibility for taking down the Kelihos botnet in an operation codenamed Operation b79.

In a Sept. 27 blog post, Richard Boscovich, senior attorney with Microsoft's Digital Crimes Unit, said that Microsoft had neutralized the Kelihos botnet using the same legal and technical measures it used to take down the Rustock and Waledac botnets. In a legal complaint filed in the US District Court for the Eastern District of Virginia, Microsoft alleged that 24 individuals – Dominique Alexander Piatti, dotFREE Group SRO, and John Does 1-22 – owned and operated the Kelihos botnet. Microsoft's goal in taking the legal action is to disable their domain cz.cc and its subdomains, such as lewgdooi.cz.cc.

"What about us?", asked Kaspersky Lab researcher Tillmann Werner in a Sept. 28 blog post. "Kaspersky Lab played a critical role in this botnet takedown initiative, leading the way to reverse-engineer the bot malware, crack the communication protocol and develop tools to attack the peer-to-peer infrastructure", Werner stressed – a contribution not mentioned by Boscovich.

"A key part of this effort is the sinkholing of the botnet", said Werner, explaining that Kaspersky Lab has gotten inside the botnet's complex internal communications to bring it under its control. "It's important to understand that the botnet still exists – but it's being controlled by Kaspersky Lab. In tandem with Microsoft's move to the U.S. court system to disable the domains, we started to sinkhole the botnet. Right now we have 3,000 hosts connecting to our sinkhole every minute."

Apparently, Kaspersky Lab did some talking to Boscovich, because he is featured prominently in the press release, praising Kaspersky Lab for playing a "key role in this operation by providing us with unique and in-depth insight based upon their technical analysis and understanding of the Kelihos botnet."