Kelihos Botnet Coming Back to Life
A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it.
Kelihos was never big compared to a lot of the botnets. Despite its size, it was extremely active. Spam and malware go hand in hand. Much of that malware arrives as infected links in email, which is the easiest way to infect an individual user's computer.
The harder route, which yields more computers for the bot-herder, is injecting code into a website. Not just any website will do. Google and most search engines carry a list of known infection sites to block or refuse to connect to, and that list is updated regularly. Most of the sites on it weren't reputable to begin with and lack certificates, which makes them easier to identify. Certificates were covered in an earlier article here at Security on steroids.
The valuable site to inject is one with a good reputation. Inserting an iframe with zero size makes it invisible to the eye but not to the browser, so getting hold of a piece of internet real estate is essential to those plans.
Every time a visitor loads the page, the iframe silently fetches content from a second web server the user never sees. That content then downloads and installs the rootkit for the bot. Once that is done, for all practical purposes it is invisible to the user and to most malware hunters. After the installation, updates can be pushed at any time through the command-and-control servers. The bot-herder then has control of the computer without the knowledge of the owner.
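As an added example (not code from the original post), here is a small defender-side check for the zero-size or hidden iframe described above: it parses a page and reports iframes that point off-site and are sized to zero or hidden by inline style. The sample page and hostnames are constructed.

```python
"""Flag hidden, off-site iframes in HTML (added example; sample data is constructed)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style tricks that hide a frame without setting width/height to zero.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def _dimension(value):
    """Parse a width/height attribute such as '0', '1px' or '100%' to an int (None if absent)."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append(dict(attrs))


def find_hidden_iframes(html, site_host, max_px=1):
    """Return [(src, reason)] for iframes that load from another host and are hidden."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        host = urlparse(src).hostname
        if host is None or host == site_host:
            continue  # relative or same-host frames are not what we are hunting here
        reasons = []
        w, h = _dimension(attrs.get("width")), _dimension(attrs.get("height"))
        if (w is not None and w <= max_px) or (h is not None and h <= max_px):
            reasons.append("zero-size")
        if HIDDEN_STYLE.search(attrs.get("style") or ""):
            reasons.append("hidden-by-style")
        if reasons:
            findings.append((src, ",".join(reasons)))
    return findings


# Constructed sample page: one legitimate embed, two injected-style hidden frames.
SAMPLE_PAGE = """<html><body><h1>Welcome</h1>
<iframe src="https://videos.example.com/player" width="640" height="360"></iframe>
<iframe src="http://bad.example.invalid/x" width="0" height="0"></iframe>
<iframe src="http://bad2.example.invalid/y" style="display:none"></iframe>
</body></html>"""
```

Run `find_hidden_iframes(SAMPLE_PAGE, "www.example.com")` over a fetched copy of your own pages; the visible, normal-sized video embed is ignored and only the two hidden off-site frames are reported.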
Spam prevention is a major headache. In 2011, the total estimated spam traffic in the US alone was around 7 trillion messages for the year. The estimated costs vary between 1/2 million and 3 1/2 million depending on which country and source you refer to.
Spam also seems to grow with time. The first year a company has to deal with spam, it might only see 10 messages a day. By the third year that has risen exponentially to an estimated 1000 a day, according to online sources.
Bill Gates had one solution to spam: charge for each email, as you would for a stamp on a letter. The cost doesn't have to be big, but it does have to be a cost. Those who send a few emails a week would hardly notice it. Those sending out thousands of emails a day would feel it heavily. The main problem with putting that into service is that most individual users have no idea their computer is infected. Receiving an email bill for $1000 would be a serious shock.
Spam economics work because of the low delivery cost. If 7 to 10 recipients out of 1000 reply, the campaign pays for itself and turns a profit.
My cure would not work for businesses. I no longer use email to any degree and thereby save all sorts of time in not dealing with spam. When I must use an email address, it is usually a one-time address.