Microsoft Neutralizes Kelihos Botnet - Page 2

Re: Microsoft Neutralizes Kelihos Botnet

#12466 by fatdcuk
Sun Apr 01, 2012 1:15 pm

C= Medhos ??

Ade Gill
Malwarebytes Researcher

Username

fatdcuk

Posts

46

Joined

Mon Mar 15, 2010 7:45 pm

Contact

Re: Microsoft Neutralizes Kelihos Botnet

#12530 by Kafeine
Thu Apr 05, 2012 1:34 pm

VT: 4608e9aae0491598c5b6a29703047360
(attached and also available here : http://minus.com/mi2Eq9H1A/ )
Related doc : Kelihos is dead. Long live Kelihos

Just saying...owner of the BH EK have also spread the Goldenbaks Ransom (cf: Goldenbaks entry on botnets.fr & The “Police Trojan” AN IN-DEPTH ANALYSIS (PDF from Trend Micro )

Attachments

4608e9aae0491598c5b6a29703047360_povokim.zip

Pass: infected - Kelihos 2012-04-05
(43.57 KiB) Downloaded 43 times

Username

Kafeine

Posts

105

Joined

Thu Jul 28, 2011 1:19 pm

Re: Microsoft Neutralizes Kelihos Botnet

#12531 by rkhunter
Thu Apr 05, 2012 7:20 pm

Kafeine wrote:VT: 4608e9aae0491598c5b6a29703047360
(attached and also available here : http://minus.com/mi2Eq9H1A/ )
Related doc : Kelihos is dead. Long live Kelihos

MS saying that detects new variant as Backdoor:Win32/Kelihos.F. This sample detected as TrojanDownloader:Win32/Waledac.C, moreover Kespersky detects it as Trojan-FakeAV.Win32.SmartFortress2012.ml...
So, accordingly to Microsoft TrojanDownloader:Win32/Waledac.C can downloads Win32/Waledac and Winwebsec. I. e. Kaspersky verdict may be is a right but not quite.
In the Dambala blog don't mentioned MD5 of samples. So I don't know what it mean...
I don't think that this is new variant of Kelihos.

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact