Showing posts with label botnets. Show all posts

Wednesday, September 28, 2011

Microsoft Takes Down Yet ANOTHER Botnet, Kelihos!

While the world may still have been celebrating Microsoft’s victory in their civil case against the masters of the notorious Rustock botnet, Microsoft was already in the process of knocking yet another botnet – Kelihos – offline.

Although the Kelihos botnet was far smaller than Rustock, having lassoed in 41,000 computers worldwide versus Rustock’s 1.6+ million, it was still a nuisance, pumping out 3.8 billion spam emails per day.

Spam messages sent out by the Kelihos botnet advertised everything from unapproved generic prescription drugs to fraudulent stock scams, all the way to child pornography websites. Like any other spam message, the ultimate goal was to steal sensitive user data & recruit new computers into the botnet’s army of zombie PCs.

In order to sever the tie between the infected PCs and the Kelihos botnet operators, Microsoft asked the U.S. District Court in Richmond to order that the 21 domains linked to the command & control servers be shut down.

In the complaint, Microsoft also named the defendant & alleged controller of the Kelihos botnet as Dominique Alexander Piatti. Piatti’s company, dotFREE Group SRO was also listed, along with 22 anonymous co-defendants that owned domains & subdomains that were used to control the botnet.

Microsoft says they’re working with Internet Service Providers (ISPs) & Community Emergency Response Teams (CERTs), in addition to releasing updates for their Malicious Software Removal Tool, in order to clean up the aftermath of the Kelihos botnet. If you fear your PC has been infected, Microsoft offers a collection of free tools and helpful information to help remove malware & regain control of your PC.

For more information related to the takedown of the Kelihos botnet, check out this post on Microsoft’s Official blog.

Photo Credit: buggolo

Thursday, September 22, 2011

Microsoft Wins Rustock Civil Case, Hands Evidence Over to FBI

Today Richard Boscovich, a Senior Attorney with Microsoft's Digital Crimes Unit, wrote on Microsoft's Official blog that Microsoft has won the civil case against the Rustock botnet operators.

All of the evidence Microsoft gathered during the investigation will be turned over to the FBI for a possible criminal case.

Microsoft says that the $200,000 reward for any new information or tips that help with the arrest & conviction of Rustock botnet ringleaders is still up for grabs as well, but that tipsters should contact the FBI directly.

In addition to news of the civil case victory, Microsoft also revealed new numbers related to Rustock infections, showing that the Rustock botnet has decreased in size by almost 75% since it was taken down six months ago.

Back in March, the number of worldwide infections was a little over 1.6 million, but today it hovers just above 420,000. The top 10 countries infected are now (in order): India, USA, Turkey, Italy, Russia, France, Germany, Brazil, United Kingdom, and Poland.

Rustock once reigned as the leading single source of spam, pumping out a whopping 30 billion spam emails per day at its peak. Most spam emails advertised prescription drugs such as Viagra and contained attachments laced with a Trojan that would recruit the recipient’s machine into the botnet.

Additional information, including exact counts for the number of infected machines per country, can be seen on Microsoft’s Official Blog.

Photo Credit: Dreamstime

Thursday, September 15, 2011

US is No Longer Top Source of Email Spam

Internet spam doesn't have as much flavor, but it's spam nonetheless.

According to a study by Kaspersky Labs, the US – once the leading source of spam messages – doesn’t even appear in the list of top 10 spam sources. Not only that, but it barely makes the top 20 on occasion.

Why the big change in spam sources?

It seems that botnets Pushdo/Cutwail, Bredolab and Rustock all played a very large role in keeping the US at the top of the list for spam distribution. Once those botnets started to be taken offline, the US started to trickle down the spam source ranks.

The top spam producing countries are now India, Indonesia, Brazil, and Peru. Together they contribute to nearly half of the world’s spam.

Kaspersky Labs' analysis even suggests that cybercriminals have learned from the anti-botnet crusades that led to the take-down of the top US botnets, and they’re spreading their resources across different countries to ensure they’re able to thrive should they lose a bot somewhere.

Photo Credit: ipalatin