Kelihos Relying On CBL Blacklists To Evaluate New Bots
Gunkerty Jeb writes "Kelihos, the peer-to-peer botnet with nine lives, keeps popping up with new capabilities that enable it to sustain itself and make money for its keepers by pushing spam, harvesting credentials and even stealing Bitcoins. According to a number of sources, Kelihos is now leveraging legitimate and freely available security services that manage composite blocking lists (CBLs) to determine if a potential victim's IP address has previously been flagged as a spam source or as a proxy."
Even bot-writers have to get modern eventually (Score:5, Insightful)
Real-time block lists have been the standard for blocking spam for quite a while. There is nothing new here, just some bot-net developers finally catching up.
I have to say I am ambivalent about this. On the one hand, it will taint a number of IP addresses (or whole subnets if the RBL provider is stupid, and some are). On the other hand, it will drive home the point that server security is non-optional, which is a good thing.
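As an added illustration of what "real-time block list" lookups actually involve (this is example code written for this page, not something from the thread or from any list operator), the function below builds the reversed-address DNS query name that CBLs/RBLs expect, and interprets the 127.0.0.x answer codes. The zone name, the return-code meanings and the offline stand-in resolver are all assumptions constructed for the example; a real deployment would point it at the provider's published zone and codes and use a genuine A-record lookup. Checking your own relay addresses this way is how a mail operator notices a listing before the bounces start.

```python
import ipaddress
from typing import Callable, Dict, Iterable, List, Optional

# Block lists are served over DNS: reverse the address, append the list's
# zone, do an A lookup. No answer means "not listed"; an answer inside
# 127.0.0.0/8 means "listed", with the last octet encoding the reason.
# ZONE and RETURN_CODES are hypothetical values for this example only.
ZONE = "dnsbl.example.invalid"

RETURN_CODES: Dict[str, str] = {
    "127.0.0.2": "spam source",
    "127.0.0.3": "open proxy / compromised host",
}

Resolver = Callable[[str], List[str]]


def dnsbl_query_name(addr: str, zone: str = ZONE) -> str:
    """Build the DNSBL query name for an IPv4 or IPv6 address.

    IPv4 is reversed octet-wise (192.0.2.10 -> 10.2.0.192.zone);
    IPv6 is reversed nibble-wise, as in ip6.arpa.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))
    else:
        labels = reversed(ip.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def check_dnsbl(addr: str, resolve: Resolver, zone: str = ZONE) -> Optional[str]:
    """Return the listing reason if addr is listed, else None.

    `resolve` is injected so the check can run offline; in production it
    would be a real A-record lookup (dnspython, socket.getaddrinfo, ...).
    """
    for answer in resolve(dnsbl_query_name(addr, zone)):
        try:
            listed = ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")
        except ValueError:
            continue
        # Answers outside 127/8 mean a broken or hijacked zone, never a listing.
        if listed:
            return RETURN_CODES.get(answer, f"listed ({answer})")
    return None


# Constructed, offline stand-in for DNS (documentation-range addresses only).
FAKE_DNS: Dict[str, List[str]] = {
    dnsbl_query_name("192.0.2.10"): ["127.0.0.2"],
    dnsbl_query_name("2001:db8::1"): ["127.0.0.3"],
    dnsbl_query_name("198.51.100.5"): ["10.0.0.1"],  # bogus answer, must be ignored
}


def fake_resolve(name: str) -> List[str]:
    return FAKE_DNS.get(name, [])


def audit_outbound_hosts(addrs: Iterable[str], resolve: Resolver = fake_resolve) -> Dict[str, Optional[str]]:
    """Check each of your own relay addresses; run it on a schedule so a
    listing is noticed before mail starts bouncing."""
    return {a: check_dnsbl(a, resolve) for a in addrs}


if __name__ == "__main__":
    report = audit_outbound_hosts(["192.0.2.10", "2001:db8::1", "198.51.100.5", "203.0.113.7"])
    for addr, reason in report.items():
        print(f"{addr}: {reason or 'not listed'}")
```

The answer check is deliberately strict: some operators have returned non-127/8 records (or wildcards) when a zone was abandoned or hijacked, and treating any answer as "listed" is how whole subnets end up wrongly blocked, which is the over-blocking the comment above worries about.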
Spam is good! (Score:2)
Re:Spam is good! (Score:5, Informative)
Re: (Score:2)
Re: (Score:2, Insightful)
Stealing Bitcoins and pushing spam. Bah, what is Google [startpage.com] about? Stealing data and pushing their spam on first position.
Google doesn't 'steal' anything. They make it perfectly clear what their privacy policy is. They also don't push spam. They're an advertising company. They give people free services. Those people who choose to use those services are agreeing to their terms.
Re: (Score:3)
If I send a letter through the Postal Service to my friend Alex, then Alex can show the letter to other people, or even have a service open the letter to sort it and to throw away circulars and junk mail. OH NOES ALEX IS INFRINGING MY RIGHTS. And according to you, so are anti-spam systems.
Also, do you have any proof that Google sells information about anyone, or are you just confused and ranting?
Re:What is Google ? Something different ? (Score:4, Insightful)
Trust requires two people. If you don't trust the party on the other end, you shouldn't be sending them email. It's not the only way to communicate.
Re: (Score:2)
Then blacklist gmail from your outgoing mail.
Wow, that was difficult.
But where does it end? Do you read the privacy policies of all your recipients' hosts? How many hours are in your day? Do you include that useless-as-tits-on-a-bull "this is proprietary information blah blah blah" legal "disclaimer" on the bottom of your email?
Where does your insanity end?
--
BMO
Kelihos, the peer-to-peer botnet (Score:4)
So what? (Score:1)
Re: (Score:1)
I agree, all this will do is add more IPs to the spam databases, and in my opinion, that's probably a good thing. The only downfall I can see with this is making the virus sleep or attempt to obtain new IP addresses until it's not blacklisted, but I don't see that being a problem in practice either, because residential users shouldn't be sending mail anyways, and businesses should be monitoring their mail servers and firewalls.
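One concrete form of the "businesses should be monitoring their mail servers and firewalls" point, added here as example code that is not part of the comment above: scan egress firewall logs for hosts that talk to mail ports without being an approved relay. The log format, the sample lines and the relay list are all constructed assumptions for this example.

```python
from typing import Dict, Iterable, List, NamedTuple, Set

# Constructed sample egress log, assumed format: "ts src dst dport action".
SAMPLE_LOG = """\
2013-08-20T10:00:01Z 10.1.2.15 203.0.113.25 25 ALLOW
2013-08-20T10:00:02Z 10.1.2.15 198.51.100.8 25 ALLOW
2013-08-20T10:00:03Z 10.1.0.5 203.0.113.25 25 ALLOW
2013-08-20T10:00:04Z 10.1.2.77 203.0.113.9 443 ALLOW
2013-08-20T10:00:05Z 10.1.2.77 198.51.100.8 587 ALLOW
2013-08-20T10:00:06Z 10.1.2.15 203.0.113.44 25 DENY
"""

# Assumed: the only host allowed to send mail outbound is the relay.
AUTHORISED_RELAYS: Set[str] = {"10.1.0.5"}
# 465/587 submission may be legitimate for workstations using an external
# provider; tune this set per environment.
MAIL_PORTS = {25, 465, 587}


class Flow(NamedTuple):
    ts: str
    src: str
    dst: str
    dport: int
    action: str


def parse_log(text: str) -> List[Flow]:
    """Parse the assumed whitespace-separated flow format."""
    flows: List[Flow] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, action = line.split()
        flows.append(Flow(ts, src, dst, int(dport), action))
    return flows


def unauthorised_smtp_sources(flows: Iterable[Flow], relays: Set[str] = AUTHORISED_RELAYS) -> Dict[str, int]:
    """Count mail-port flows per source host that is not an approved relay.

    DENY lines are counted too: a blocked attempt is still evidence that
    something on that host is trying to send mail directly.
    """
    counts: Dict[str, int] = {}
    for f in flows:
        if f.dport in MAIL_PORTS and f.src not in relays:
            counts[f.src] = counts.get(f.src, 0) + 1
    return counts


if __name__ == "__main__":
    for host, n in sorted(unauthorised_smtp_sources(parse_log(SAMPLE_LOG)).items()):
        print(f"{host}: {n} mail-port flow(s) from a non-relay host")
```

Pairing a rule like this with an outbound-25 block for everything except the relay turns the alert into a hard control: an infected workstation then cannot deliver spam at all, and the denied attempts in the log are what points the responder at the host.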
Blocklists @ BOTH IP & host-domain levels (Score:1, Informative)
For firewall blocklists AND hosts files users block lists also:
http://malwaremustdie.blogspot.com/2013/08/the-quick-report-on-48hours-in-battle.html [blogspot.com]
* Enjoy!
APK
P.S.=> It's a COMPLETE RUNDOWN of what the Kelihos botnet utilizes (and thus, what to block out @ BOTH the firewall &/or custom hosts file levels for "layered-security"/"defense-in-depth")...
... apk
composite blocking lists (Score:2)
I wondered what kind of black listing the Canadian Baseball League was up to.