
'Virut' botnet dealt blow as registrar sinkholes domains

Had been resurrecting Kelihos bot, said Symantec


Poland’s national NASK domain registrar has taken control of 23 domains it said were being used to support the Virut botnet, which has been attempting to resurrect the tenacious Waledac/Kelihos bot severely damaged by Microsoft in 2011.

Virut itself is relatively modest on the botnet scale at any one moment in time, with perhaps 300,000 clients in its grip, but it has proved incredibly resilient, having survived attempts to shut it down since appearing in 2006.

It is also virulent, NASK said, having infected 890,000 IP addresses during 2012 in Poland alone, which means it is able to keep finding new machines to infect even as previously infected ones are detected.

In addition to the sinkholing of the domains, NASK said it had disrupted Virut’s command-and-control infrastructure, which will put the bot on the slide for the time being at least.

As to what Virut has been used for, it would be easier to name the scams and malware it hasn’t been involved with. NASK mentions spam, DDoS, and malware such as Zeus (a rapacious bank Trojan) and the Palevo worm, not to mention pay-per-install malware campaigns. But it is its possible involvement in attempting to revive the defunct Waledac (aka Kelihos) botnet that is the most intriguing.

According to a report from Symantec last week, Waledac.D had recently been on an upswing as a spam platform, with Virut suspected as the distribution mechanism. The best way to heal a broken botnet? Using another botnet, apparently.

This will dismay bot-hunters who had thought this particular nasty might be gone for good after a notable operation called ‘b49’, in which Microsoft shuttered the whole C&C and its associated domain infrastructure in a matter of weeks during 2011.

Since that time, Kelihos has tried to rise again but has struggled to make much impression, until now. Symantec said the number of infected machines was around the 80,000 mark, which suggests the bot was gaining traction.

Redmond’s lawyers later accused a named Russian of being behind Kelihos/Waledac, a charge denied by the individual concerned. Unusually, the company later backed down on the accusation.

NASK's actions are a welcome if unexpected event, apparently carried out with the help of Spamhaus and VirusTotal.
