Massive Kelihos Botnet Attacks Continue To Spread

Computer security experts continue to witness large-scale attacks caused by the Kelihos botnet, continue reading to find out more.

New Kelihos Botnet Waves Emerge

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

The Kelihos botnet has been spotted to have increased its attacks as of late. The threat was initially discovered in December 10. Over the years we have witnessed several different large-scale attacks against various targets – from individuals to large businesses. Over the years there have been several variants that featured a varying number of recruited bots. By definition this is a peer-to-peer (P2P) botnet type in which the individual nodes are capable of acting as C&C servers for the entire network. This allows the attack to be carried out even if a part of the botnet is shut down.

The Kelihos botnet has been identified to spread via infected USB flash drives. According to several accounts these instances have been used in geographically targeted attacks. They originate in New Delhi in India. Another instance was spotted to target companies in Canada and Kazakhstan by sending out thousands of spam email messages that use social engineering tricks to lure the victims into infecting themselves with malware. There are several main templates that are in use:

  • Tangerine Bank Phishing Attempt – Kelihos distributes an email message that imitates a web page. The user’s attention is directed to a button that states “TANGERINE online account has been suspended”. Once the user clicks on it they are redirected to a malicious site where they are prompted to enter their bank account credentials and payment card information.

  • Another version of the message uses the subject line “Your account is disabled. Please verify your information is correct“. The corresponding redirect link leads to a similar phishing site.

  • Kazakhstan Spam Attack – This attempt sends geo-targeted email messages to targets with inboxes that use Kazakhstan’s top level domain (KZ). The message subject line is written in Russian and reads “Глубокий м” which translates to “Deep m”. Likewise the victims are redirected to a dangerous hacker-controlled site.

  • Kelihos Academic USB Flash Drive – This is something that is expected from the Kelihos botnet. After a successful infection connected flash drives are also contaminated with a copy of the malware. Such drives can easily be distributed in education institutions like universities and schools.

For more information on the botnet and its many iterations you can read Gary Warner’s in-depth blog post. If you have been infected by this malware then you can easily remove the infection by using a quality anti-spyware tool.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Was this content helpful?

Avatar

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts