The Inside Story of the Kelihos Takedown 83
Trailrunner7 writes "Earlier this week, Microsoft released an announcement about the disruption of the Kelihos botnet that was responsible for spam messages, theft of sensitive financial information, pump-and-dump stock scams, and distributed denial-of-service attacks. The botnet had a complex, multi-tiered architecture as well as a custom communication protocol and three-level encryption. Kaspersky Lab researchers did the heavy lifting, reversing the protocol and cracking the encryption and then sink-holing the botnet. The company worked closely with Microsoft's Digital Crimes Unit (DCU), sharing the relevant information and providing them with access to our live botnet tracking system."
Re:Uhm... (Score:2, Interesting)
Because these botnets are run by, or closely work with, organised crime organisations.
If the become a big enough problem and cause enough damage then said organisations will probably have no qualms bringing the fight into meatspace.
Would Kapersky continue doing this if one of their employees was murdered in retaliation?
Messes from 8+ years ago, maybe. (Score:3, Interesting)
I would agree with this if this was posted sometime circa 2005 or before, but that really isn't the case now.
This malware and others like it can only take over if you open an e-mail, go to a bad website, download a bad executable, and run it. Let's break that down.
E-Mail: Any credible ISP and any web-based e-mail service (Yahoo/Gmail/Hotmail) will filter botnet spam. Even if you find said botnet e-mail in your spam folder and try to go to it, any modern web or desktop e-mail client will still warn you like hell.
Browser: Internet Explorer 8 has a malware filter enabled by default (SmartScreen). You get a horrible warning if you try to access malware, and an even worse one if you try to download an executable flagged as malware. IE8 is freely available for XP users, and every mainstream website in the world (including MSFT's) will nag you to upgrade, as most (Youtube/Facebook/Google) don't even support XP's default of IE6 anymore.
OS/User Access: Windows Vista is nearly 5 years old now and included proper user-mode access to the system (UAC) by default. Try to run something that will do something horrible like Kelihos will, and it will also flag a less dangerous-looking, but existent "do not run this" warning. That was improved with Windows 7, which is now 2 years old.
Patches on XP: Anything since XP SP2 (August 2004?) will not only nag for Windows update, but even forcibly reboot your system after enough idle time if what needs to be patched could open the door for botnets. Like with any of the years before listed, any retail PC sold since then will have that. Patches on XP won't fix everything, but the patches (Malicious Software Removal Tool) will typically circumvent well-known botnets.
Conclusion: I would say almost the entirety of the 41,000 systems affected had somehow went ridiculously unpatched for years. We're probably talking Windows 2000 systems. And Linux/BSD was always better as a baseline, but run it unpatched at any such similar level as described, and it will have even worse SSH server vulnerabilities for starters.