Kelihos lives on thanks to Facebook trojan

  Soon after security experts announced the dismantling of the Kelihos.B botnet on Wednesday, the culprits behind the attack reconfigured the malware -- and it is now going social.

  Criminal gangs are leveraging Fifesock, a social networking trojan discovered last April, to spread the newly furnished Kelihos.C malware to already infected machines.

  Computers are initially infected when users click a malicious link in their Facebook inbox that sends them to a website using a bogus photo album download link as bait. Once they accept the download, victims' computers are infected with Fifesock, which can then install additional malware -- in this case Kelihos.C, also known as Hlux.

  Kaspersky Lab, CrowdStrike, Dell SecureWorks, and research organization The Honeynet Project recently joined forces to create a “sinkhole” that managed to prevent the Kelihos.B botnet from being able to connect to infected machines. However, some compromised computers may still be infected with the Fifesock worm, giving the cyber criminals behind the attacks the option to install the reconfigured botnet.

  According to a blog post by Seculert, the cyber threat management firm has identified more than 70,000 Facebook users who are infected with the Facebook worm and are unwittingly sending the malicious links to their friends.

  “We're seeing thousands of new users a day,” Aviv Raff, CTO of Seculert, told SCMagazine.com. “We've already provided Facebook with all of the accounts we've seen compromised.”

  In an email to SCMagazine.com, Frederic Wolens, a spokesman for Facebook, said that the company is attempting to eliminate the threat through collaboration with researchers, and has been successful at blocking spam being sent by the Fifesock worm.

  “We have been proactively remediating any infected users in our 'malware checkpoint,'” Wolens said.

  Fifesock also spreads through other social media websites, Wolens said.

  This reconstructed botnet likely was created by many of the same people behind the original Kelihos, the code of which is linked to a ring responsible for creating botnet families that include Waledac and Storm Worm.

  “It's some sort of pay-per-install service,” Raff said. “There seem to be two different groups that have joined together. One is using the Facebook worm, and the others are paying them in order to install the Kelihos botnets on their infected machines.”

  Botnet activity can be disrupted, but the only way to permanently shut one down is to arrest and prosecute the creators, Marco Preuss, head of global research and analysis in Germany for Kaspersky Lab, said in an email sent to SCMagazine.com.

  “This is a difficult task because security companies encounter different federal policies, jurisdiction and legal processes in various countries where botnets are located,” he said.
