Slashdot Mirror


Researchers Say Kelihos Gang Is Building New Botnet

alphadogg writes "The cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert. Security experts from Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project, announced that they took control of the 110,000 PC-strong Kelihos botnet on Wednesday using a method called sinkholing. That worm has compromised over 70,000 Facebook accounts so far and is currently distributing a new version of the Kelihos Trojan."

5 of 110 comments

  1. Re:How many of those were Linux PCs again? by Gaygirlie · Score: 5, Insightful

    The OS in question bears no relevance here: it's a trojan, something a user installs on his or her own, and thus could just as easily apply to Linux, too. Linux isn't some magic bullet that is immune to trojans; as long as whatever happens to be the payload can access the user's files, see what the user does and make network connections, that's all it needs. Having root access is just a bonus, not a necessity.

  2. Two deadly vectors of infection... by mspohr · Score: 3, Insightful

    Another reason I'm glad I don't use Facebook or Windows.

    --
    I don't read your sig. Why are you reading mine?
    1. Re:Two deadly vectors of infection... by SJHillman · Score: 3, Insightful

      As a previous poster pointed out, trojans care not whether it's Windows, Linux, Mac OS X or BSD, because the user is the weak link, not the OS. All you need is 1) a trojan for that OS and 2) a user that gives the trojan permissions; most infections I've come across on Windows lately do not have administrator permissions unless the user does. Likewise, Facebook isn't so much the weak link as users are, because they'll click on anything.

  3. Re:How many of those were Linux PCs again? by Anonymous Coward · Score: 2, Insightful

    Linux isn't some magic bullet that is immune to trojans

    repeat after me, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel

    as long as whatever happens to be the payload can access user's files and see what the user does and can make network connections that's all it needs

    How do you intend to deliver that payload exactly? Heck, every Linux distribution out there is totally different from the others: they have different ABIs (elibc, glibc, uclibc), different kernel versions which are also patched differently. They run different window managers and different desktop environments. People running Linux are also more educated.

    So yeah, I have yet to see a malicious ELF executable being distributed on Facebook - LOL!

  4. Re:How many of those were Linux PCs again? by monkeyhybrid · Score: 4, Insightful

    How do you intend to deliver that payload exactly? Heck, every Linux distribution out there is totally different from the others: they have different ABIs (elibc, glibc, uclibc), different kernel versions which are also patched differently. They run different window managers and different desktop environments. People running Linux are also more educated.

    And nearly all will run bash, python and perl scripts. A malicious payload doesn't have to be a compiled binary.
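
The thread's point (a user-level trojan needs only the user's files, a network connection and a way to run again at the next login, and the payload can be a shell, Python or Perl script rather than an ELF binary) suggests the check a practitioner would actually run. The script below is an added example, not code from the Slashdot thread or from any of the posters: it walks the XDG autostart directory that Linux desktop environments honour (`~/.config/autostart/*.desktop`) and flags entries whose `Exec=` line invokes a script interpreter, passes inline code with `-c`/`-e`, or points at something under the user's own home directory. The interpreter list and the sample `.desktop` entries are constructed here for illustration, so the example runs offline.

```python
"""Added example (not from the original thread): flag user-level script
persistence in the XDG autostart directory."""
import os
import shlex
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Assumption: illustrative set of interpreters a desktop-session payload
# would use; extend it for your environment.
INTERPRETERS = {"sh", "bash", "dash", "zsh", "python", "python2", "python3", "perl"}


def parse_desktop_exec(text: str) -> Optional[str]:
    """Return the Exec= value of a .desktop file, or None if it has none."""
    for line in text.splitlines():
        if line.startswith("Exec="):
            return line[len("Exec="):].strip()
    return None


def classify_exec(exec_line: str, home: Path) -> List[str]:
    """Return the reasons an Exec= line looks like a user-level script payload
    (empty list means nothing suspicious was found)."""
    reasons: List[str] = []
    try:
        argv = shlex.split(exec_line)
    except ValueError:
        return ["unparseable Exec line"]
    if not argv:
        return ["empty Exec line"]

    prog = os.path.basename(argv[0])
    if prog in INTERPRETERS:
        reasons.append(f"runs script interpreter {prog}")

    # Anything that resolves to a path under $HOME is writable by the user,
    # so a trojan never needed root to put it there.
    for arg in argv:
        if arg.startswith("-"):
            continue
        p = Path(os.path.expanduser(arg))
        if p.is_absolute() and home in p.parents:
            reasons.append(f"references user-writable path {arg}")
            break

    if any(a in ("-c", "-e") for a in argv[1:]):
        reasons.append("passes inline code via -c/-e")
    return reasons


def scan_autostart(home: Path) -> Dict[str, List[str]]:
    """Scan <home>/.config/autostart and map each suspicious entry to its reasons."""
    autostart = home / ".config" / "autostart"
    findings: Dict[str, List[str]] = {}
    if not autostart.is_dir():
        return findings
    for entry in sorted(autostart.glob("*.desktop")):
        exec_line = parse_desktop_exec(entry.read_text(errors="replace"))
        if exec_line is None:
            continue
        reasons = classify_exec(exec_line, home)
        if reasons:
            findings[entry.name] = reasons
    return findings


def demo() -> Dict[str, List[str]]:
    """Build a constructed fake home directory with three autostart entries
    (one legitimate, two script-based) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        autostart = home / ".config" / "autostart"
        autostart.mkdir(parents=True)
        # Constructed sample entries, not captured from a real infection.
        (autostart / "nm-applet.desktop").write_text(
            "[Desktop Entry]\nType=Application\nExec=nm-applet\n")
        (autostart / "update.desktop").write_text(
            f"[Desktop Entry]\nType=Application\nExec=python3 {home}/.cache/.u/update.py\n")
        (autostart / "helper.desktop").write_text(
            '[Desktop Entry]\nType=Application\nExec=sh -c "~/.local/share/.s/run.sh"\n')
        return scan_autostart(home)


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: {'; '.join(reasons)}")
    # To check a real account, run scan_autostart(Path.home()) instead.
```

Run as-is it reports `update.desktop` and `helper.desktop` and says nothing about `nm-applet.desktop`; pointing `scan_autostart` at `Path.home()` checks a live account. Cron entries, shell rc files and systemd user units are other user-writable persistence locations that the same idea extends to.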