Slashdot Mirror


Kelihos Relying On CBL Blacklists To Evaluate New Bots

Gunkerty Jeb writes "Kelihos, the peer-to-peer botnet with nine lives, keeps popping up with new capabilities that enable it to sustain itself and make money for its keepers by pushing spam, harvesting credentials and even stealing Bitcoins. According to a number of sources, Kelihos is now leveraging legitimate and freely available security services that manage composite blocking lists (CBLs) to determine if a potential victim's IP address has previously been flagged as a spam source or as a proxy."

6 of 23 comments

  1. Even bot-writers have to get modern eventually by gweihir · Score: 5, Insightful

    Real-time block lists have been the standard for blocking spam for quite a while. There is nothing new here, just some bot-net developers finally catching up.

    I have to say I am ambivalent about this. On the one hand, it will taint a number of IP addresses (or whole subnets if the RBL provider is stupid, and some are). On the other hand, it will drive home the point that server security is non-optional, which is a good thing.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  2. Spam is good! by greg.allen.uk · Score: 2

    Just send out loads of spam from your PC, or self-nominate your IP as a source of spam to get yourself immunity from the smart bots.

    1. Re:Spam is good! by Zocalo · Score: 4, Informative

      Chances are that the CBL check is just to determine whether the compromised PC is likely to be useful for sending spam or not. If the check comes back with a positive listing, then the PC will simply be used for other things such as launching DDoS attacks, hosting support services and so on. If you want to try and make a PC useless to smart bots, or as near as it can be, in the event of a compromise then robust egress filtering of outbound connections is a far better way to go. As a bonus the logs from your egress filters should also make it much easier to detect when hosts have been compromised so that you can deal with them promptly.

      --
      UNIX? They're not even circumcised! Savages!
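
Added example (not part of the thread or of any commenter's post): one way to use egress-filter and DNS logs, as Zocalo's comment suggests, to spot a workstation that behaves like a spam bot. The log formats, internal addresses, and DNSBL zone list are assumptions, all sample lines are constructed, and the blocklist check is assumed to show up as a standard reversed-octet DNSBL query.

```python
import re
from collections import defaultdict

# Assumptions for this example: zone list, mail-server allowlist, log layout.
DNSBL_ZONES = ("cbl.abuseat.org", "zen.spamhaus.org")
MAIL_SERVERS = {"10.0.0.25"}  # only these hosts should query DNSBLs or send SMTP

# Constructed sample: resolver query log ("dns") and egress firewall log ("fw").
SAMPLE_LOG = """\
dns src=10.0.0.25 qname=4.3.2.1.zen.spamhaus.org qtype=A
dns src=10.0.1.57 qname=113.100.51.198.cbl.abuseat.org qtype=A
dns src=10.0.1.57 qname=www.example.com qtype=A
fw action=DENY src=10.0.1.57 dst=203.0.113.9 proto=tcp dport=25
fw action=DENY src=10.0.1.57 dst=203.0.113.40 proto=tcp dport=25
fw action=ALLOW src=10.0.0.25 dst=203.0.113.9 proto=tcp dport=25
fw action=DENY src=10.0.2.8 dst=198.51.100.7 proto=tcp dport=6667
"""

# A DNSBL lookup is four reversed IPv4 octets followed by the list's zone.
DNSBL_RE = re.compile(r"^(\d{1,3}\.){4}(?P<zone>.+)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def suspicious_hosts(log_text, mail_servers=MAIL_SERVERS, zones=DNSBL_ZONES):
    """Return {src_ip: sorted reasons} for hosts outside the mail-server allowlist."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        kind, _, rest = line.partition(" ")
        fields = dict(FIELD_RE.findall(rest))
        src = fields.get("src")
        if not src or src in mail_servers:
            continue
        if kind == "dns":
            m = DNSBL_RE.match(fields.get("qname", "").lower().rstrip("."))
            if m and m.group("zone") in zones:
                findings[src].add("dnsbl-lookup")  # workstation checking a blocklist
        elif kind == "fw" and fields.get("action") == "DENY" and fields.get("dport") == "25":
            findings[src].add("blocked-smtp")      # direct-to-MX attempt stopped at egress
    return {ip: sorted(reasons) for ip, reasons in findings.items()}

if __name__ == "__main__":
    for ip, reasons in suspicious_hosts(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

A host that shows both signals is a strong candidate for isolation and triage; either signal alone is still worth a look on a network where only the mail servers should talk SMTP.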
  3. Kelihos, the peer-to-peer botnet by dgharmon · Score: 3

    Shouldn't that be Kelihos, the peer-to-peer Windows botnet ..

    --
    AccountKiller
  4. Re:What is Google ? Something different ? by kqs · Score: 2

    If I send a letter through the Postal Service to my friend Alex, then Alex can show the letter to other people, or even have a service open the letter to sort it and to throw away circulars and junk mail. OH NOES ALEX IS INFRINGING MY RIGHTS. And according to you, so are anti-spam systems.

    Also, do you have any proof that Google sells information about anyone, or are you just confused and ranting?

  5. Re:What is Google ? Something different ? by Overzeetop · Score: 3, Insightful

    Trust requires two people. If you don't trust the party on the other end, you shouldn't be sending them email. It's not the only way to communicate.

    --
    Is it just my observation, or are there way too many stupid people in the world?