Slashdot Mirror


Researchers Say Kelihos Gang Is Building New Botnet

alphadogg writes "The cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert. Security experts from Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project, announced that they took control of the 110,000 PC-strong Kelihos botnet on Wednesday using a method called sinkholing. That worm has compromised over 70,000 Facebook accounts so far and is currently distributing a new version of the Kelihos Trojan."

10 of 110 comments

  1. Re:How many of those where linux pc's again? by Gaygirlie · · Score: 5, Insightful

    The OS in question bears no relevance here: it's a trojan, something a user installs on his or her own, and thus could just as easily apply to Linux, too. Linux isn't some magic bullet that is immune to trojans; as long as whatever happens to be the payload can access the user's files, see what the user does and make network connections, that's all it needs. Having root access is just a bonus, not a necessity.

  2. Two deadly vectors of infection... by mspohr · · Score: 3, Insightful

    Another reason I'm glad I don't use Facebook or Windows.

    --
    I don't read your sig. Why are you reading mine?

    1. Re:Two deadly vectors of infection... by SJHillman · · Score: 3, Insightful

      As a previous poster pointed out, trojans care not if it's Windows, Linux, Mac OS X or BSD, because the user is the weak link, not the OS. All you need is 1) a trojan for that OS and 2) a user that gives the trojan permissions. Most infections I've come across on Windows lately do not have administrator permissions unless the user does. Likewise, Facebook isn't so much the weak link as users are, because they'll click on anything.

    2. Re:Two deadly vectors of infection... by mspohr · · Score: 2

      So why does this only infect Windows? Are Linux and Mac users smarter? Are all Facebook users incredibly stupid? Do only Linux and Mac users realize that it's stupid to type in your password for some random software? Are only Windows users smart enough to remember their administrator passwords? Does god hate Windows? Do the people who write trojans hold a particularly low opinion of Windows users? Are they trying to educate Windows users? Is that possible? I know a few Windows users and they don't seem that stupid. Some of my best friends use Windows but they don't have a clue about this "administrator" stuff. Should we try to explain it to them or just charge them money to clean up their computers? I think that after that whole thing with the Greeks and Trojans people should be on to them by now... I mean it's been like thousands of years. I really don't want to believe that Windows users are stupid; I'd rather blame Microsoft. Mac and Linux don't seem to have these problems with Greeks and Trojans and stupid users...

      --
      I don't read your sig. Why are you reading mine?

  3. Re:How many of those where linux pc's again? None by Anonymous Coward · · Score: 2, Insightful

    Linux isn't some magic bullet that is immune to trojans

    repeat after me, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel

    as long as whatever happens to be the payload can access user's files and see what the user does and can make network connections that's all it needs

    How do you pretend to deliver that payload exactly? Heck, every Linux distribution out there is totally different from the others: they have different ABIs (elibc, glibc, uclibc) and different kernel versions, which are also patched differently. They run different window managers and different desktop environments. People running Linux are also more educated.

    So yeah, I have yet to see a malicious ELF executable being distributed on Facebook - LOL!

  4. Re:How many of those where linux pc's again? None by Mitchell314 · · Score: 2

    People running Linux are also more educated.

    Isn't the front line of defense in security a vigilant and knowledgeable userbase, not the OS/kernel? Yeah, yeah, I know, it's a free-ponies-for-all pipe dream.

    --
    I read TFA and all I got was this lousy cookie

  5. Re:How many of those where linux pc's again? None by monkeyhybrid · · Score: 4, Insightful

    How do you pretend to deliver that payload exactly? Heck, every Linux distribution out there is totally different from the others: they have different ABIs (elibc, glibc, uclibc) and different kernel versions, which are also patched differently. They run different window managers and different desktop environments. People running Linux are also more educated.

    And nearly all will run bash, python and perl scripts. A malicious payload doesn't have to be a compiled binary.

  6. Anonymous by Anonymous Coward · · Score: 3, Funny

    We all knew Anonymous would strike again. Why aren't the authorities doing something about these criminals?

    Maybe what we need to do is make it so that nobody can access the internet without supplying a sample of their DNA. And then make it so that all communications from the user to the internet are logged in an extremely verbose manner, and have a system of spy networks at the ready to detect subversive behavior. The governments could intentionally put things like porn or questionable books like Fahrenheit 451, 1984, or The Diary of Anne Frank on the internet and then arrest civilians when they try to access them.

    I wish I were in a position of power where I could institute a program like that in the United States of America. For too long we have strayed from the Lord's Path, and we need a true leader to bring this country back in the right direction.

  7. Re:How many of those where linux pc's again? by Billly+Gates · · Score: 2

    I am sick and tired of this MS FUD. ... why do I keep coming here?

    Your bias is based on 10 to 15 year old facts about deprecated or nearly deprecated kernels and APIs. I think it is a sign of insecurity to blindly follow something when the facts are contrary.

    Last week a slashdotter said with a straight face that he is waiting for the first ever Unix virus, as they do not exist, and was gloating. I kindly reminded him where the term root*kit came from. Root sounds like a Linux account if you ask me.

    I have seen financial institutions' SuSE Enterprise Servers hacked with a rootkit installed running a Russian phishing scheme. The admins said "We use UNIX, IT'S SECURE" bla bla. Sigh.

    Back to the topic: Windows 7 supports ASLR, DEP, sandboxing, privilege separation, and many other improvements that I do not see in Linux.

    If you know the RAM address of a particular .SO in Linux you can get it through a buffer overflow. In Windows Vista and higher you can't, as the RAM address is randomized. Windows has anti-virus scanners that actually block malware and shield. Linux does not.

    This blind zealotry reminds me of those who hate evolution so much they make all sorts of crazy theories, like people walking with dinosaurs 5,000 years ago and global warming being a hoax, etc. This is because they feel threatened that their religion and beliefs are somehow under attack by anyone who is not a (R) or evangelical. It is harmful for those in IT who will refuse to take precautions to secure their Linux systems.

    I have seen malware in ads written in JavaScript that exploits the Flash/Java/browser and will run fine under Linux because the exploit is multiplatform. I hope your anti-virus is up to date. Oh, that's right, Linux, which is written in C just like Windows, could not possibly suffer from buffer overflows, stack smashing, and other things.

  8. Re:How many of those where linux pc's again? None by PigleT · · Score: 2

    It's a simple case of majority-ism. Most Facebook users will be on Windows and probably IE, so if you're going to make a trojan, to make your job easy that's who you target.

    Security isn't limited to exploits in the scope of a user's OS; it's all about privacy, and messing in their web-identified spaces also counts as a security violation.

    --
    ~Tim
    --
    .|` Clouds cross the black moonlight,
    Rushing on down to the circle of the turn