Kaspersky teamed up with Microsoft to annihilate Kelihos Zombie Network

Source: Internet
Author: User
Tags: domain name registration

Botnets ("zombie networks") are listed among the top ten computer viruses, and this July Microsoft offered a reward of 250,000 dollars for the capture of botnet operators, which shows how detested they are. According to recent reports, Kaspersky Lab teamed up with Microsoft and Kyrus Tech to successfully take down the infamous Kelihos botnet, and also struck at the hosting service provider behind the botnet, which supported its operation and had provided anonymous domain name registration services.

Kelihos is reported to be a peer-to-peer botnet. It consists of several layers of nodes: control centers, routing nodes and execution nodes. The control centers are run by the botnet's operators, who use them to send instructions to the infected machines and to monitor the dynamic structure of the peer-to-peer network. The infected devices that run the routing program have public IP addresses; they can send spam, collect e-mail addresses, and extract useful user information from network traffic.

Kaspersky Lab initially named Kelihos "Hlux". The botnet is estimated to have used 40,000 computers to send hundreds of millions of spam messages, steal personal data, launch DDoS attacks and carry out other criminal activities. In response, Microsoft also took legal measures, filing a civil lawsuit against 24 people associated with the botnet's underlying infrastructure and dealing a further blow to the botnet's alleged center. The key evidence Microsoft submitted in the lawsuit included reports provided by Kaspersky Lab and Kyrus Tech, which gave detailed information on the evidence collected in the Kelihos botnet case.

Since the beginning of 2011, Kaspersky Lab has worked with Microsoft to track the Kelihos botnet and has shared information gathered by its US company and Microsoft on its real-time botnet tracking system. Kaspersky Lab also noted that the botnet was out of control and further confirmed that the botnet was the target of the tracking. Through reverse engineering, Kaspersky Lab experts decoded the botnet, deciphered its communication protocol, discovered weaknesses in its peer-to-peer architecture, and developed tools to disrupt the network. In addition, the domain names used by the botnet have been deactivated under a court order, and with Microsoft's help Kaspersky Lab successfully broke into the network and took control of a computer within the botnet's most complex internal communication system.

Microsoft expressed its appreciation for Kaspersky Lab's active participation in the takedown. Microsoft Digital Crime Group senior lawyer Richard Boscovich said: "Kaspersky Lab played an important role in this operation; through their technical analysis, they provided us with professional information and in-depth insights on the Kelihos botnet. This important information, including the analysis of the botnet and its architecture, not only serves as important legal evidence but is also an important part of the process of disrupting zombie networks. We are very grateful to Kaspersky Lab for their strong support, and we admire their commitment to creating a safer Internet."

On Kaspersky Lab's continuing role in controlling Kelihos, Tillmann Werner, senior malware analyst at Kaspersky Lab Germany, said: "Kaspersky Lab's breakthrough into the botnet began on September 26, and at that time we encountered an uncontrollable situation. But now we have successfully taken control of the communication system among the devices in the network, and further data mining can reveal the severity of infection in different countries or regions. For example, we have analyzed 61,463 infected IP addresses and actively contacted their respective Internet service providers to inform the network owners about the infection."
