SANS ISC: Microsoft killed Kelihos botnet SANS ISC InfoSec Forums

Microsoft killed Kelihos botnet

Great news for Internet security. Microsoft has effectively killed off the Kelihos botnet, which has about 42-45K nodes. The signature to remove the botnet agent from infected machines has been added to the Malicious Software Removal Tool, which will be rolled out to users taking automatic updates. Microsoft also took a proactive approach on the legal front, filing for a court order to get Verisign (the domain registrar for the malicious domains) to take down the malicious domains related to the botnet operations.

Great to see the Digital Crimes Unit at Microsoft being so proactive about shutting down malware. 

More info on this:

http://blogs.technet.com/b/mmpc/archive/2011/09/26/operation-b79-kelihos-and-additional-msrt-september-release.aspx
http://www.computerworld.com/s/article/9220321/Striking_a_domain_provider_Microsoft_kills_off_a_botnet?taxonomyId=82&pageNumber=1

Jason

93 Posts
ISC Handler
Sep 27th 2011
This would be more impressive if today Microsoft didn't kill Google Chrome.....

http://rss.slashdot.org/~r/slashdot/eqWf/~3/G-msUVf_OX4/Microsoft-Security-Products-Flag-Google-Chrome-As-a-Virus
Anonymous
