Go Back   Tech Support Forum > Security Center > Computer Security News

Microsoft fails to credit Kaspersky Lab for Kelihos botnet takedown

This is a discussion on Microsoft fails to credit Kaspersky Lab for Kelihos botnet takedown within the Computer Security News forums, part of the Tech Support Forum category. Microsoft grabbed headlines this week with its report about the successful takedown of the Kelihos botnet, but while the company


Reply
 
Thread Tools Search this Thread
Old 10-01-2011, 08:18 AM   #1
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,491
OS: Win XP Pro SP3 / Win 7 Pro

My System


Microsoft grabbed headlines this week with its report about the successful takedown of the Kelihos botnet, but while the company detailed the achievements of its Digital Crimes Unit, it failed to mention the major role security firm Kaspersky Lab played in the operation.

Microsoft's Kelihos takedown announcement centred on the fact that its specialised team of lawyers succeeded in naming defendants in a botnet-related federal court complaint for the first time. Such cases usually involve unknown parties.

The named defendants were Alexander Piatti and his company dotFREE Group SRO, which operated a second level domain registration service in the .cz.cc name space. This service was abused by the botnet's operators to set up hosts for their control infrastructure. A temporary restraining order was obtained by the Digital Crimes Unit in the US District Court for the Eastern District of Virginia, forcing VeriSign to suspend the cz.cc domain.

Microsoft did not disclose any technical details about how Kelihos was hijacked from its original operators, because Kaspersky Lab handled that part of the operation. The security company's experts explained in a lengthy blog post how they took control of the botnet, but they probably didn't appreciate being left out of the story in the first place.

"Hey @msftmmpc [Microsoft Malware Protection Center] why didn't u mention all truth about Hlux/Kelihos botnet taking down?" wrote Dmitry Bestuzhev, head of Kaspersky Lab's global research and analysis team for Latin America.

"Kaspersky Lab played a critical role in this botnet takedown initiative, leading the way to reverse engineer the bot malware, crack the communication protocol and develop tools to attack the peer-to-peer infrastructure," said Tillmann Werner, a senior virus analyst with Kaspersky in Germany. "We worked closely with Microsoft's Digital Crimes Unit (DCU), sharing the relevant information and providing them with access to our live botnet tracking system," he added.

Even the antivirus vendor's co-founder and CEO, Eugene Kaspersky, got the message: "The flipside of the Microsoft's takedown of Kelihos (Hlux) botnet."

Kaspersky Lab currently operates the only server where computers infected with this malware connect to, which effectively puts it in control of the botnet. The company has the resources to keep this so-called sinkhole operational for a long time, but the end goal is to reduce Kelihos' size as much as possible.

Sending commands to clean the infected systems remotely would be illegal in most countries, so this won't be an easy task. Microsoft has added detection for the Kelihos malware family to its Malicious Software Removal Tool (MSRT), which is distributed to computers worldwide via Windows Update, but the effects have yet to show.

The software giant claims that not crediting Kaspersky Lab in its original announcement was the result of poor communication between the two companies. "Due to an unfortunate miscommunication between Microsoft and Kaspersky prior to the announcement, Microsoft was operating under the belief that it was Kaspersky's desire to not be proactively mentioned in the announcement, as some partners commonly request and which we understand and respect given the sensitivity of these situations," said Richard Boscovich, a senior attorney with the Microsoft Digital Crimes Unit.

"However, we were very glad to see Kaspersky subsequently come forward with their role in the operation, because we very much want to give them the credit they deserve. Their research and unique, in-depth insight into the botnet was invaluable in this case and we are grateful for their support and determination to make the Internet safer for everyone," he added.



Microsoft fails to credit Kaspersky Lab for Kelihos botnet takedown - Techworld.com

__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Photographers Corner
Glaswegian is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Audio-commercial virus
Hey folks, I have attached the requested logs, however for the ark.txt file I had to run it with only the "Sections" and "C Drive" checked. My computer froze on a black screen once while running the full scan and I had to reboot my computer via removing the laptop battery, and shut down the "gmer"...
fks Resolved HJT Threads 18 09-03-2011 08:23 AM
Google links redirect to random sites in Firefox
Running Windows 7 professional 64 bit. Google search links redirect to random sites on clicking. Thank you for your help! I tried running some programs named in earlier forums before reading what to do for help. . DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 Run by...
stbh Resolved HJT Threads 16 07-15-2011 12:49 AM
XP Anti-Virus 2011
I have this Virus called XP Anti-Virus 2011, i restarted my computer and tryed safe mode, but the start menu wont load in any mode, i cant open Firefox to download any anti virus or anything it blocked it, all my icons/start menu is gone it just shows background. Ive tryed looking on google but...
Plus2112 Inactive Malware Help Topics 13 06-10-2011 08:34 AM
Infections / Malware / rundll32.exe error
My computer was last used by someone to download games and watch videos on the internet. The next thing I know, there were pop-ups. I am constantly getting these fake spyware removal pop ups. I tried going into control panel/add-remove programs and I get a 'rundll32.exe' error message. I used...
6one9 Resolved HJT Threads 54 05-16-2011 06:06 AM
Google Redirect on Windows 7 not found on any programs I've tried running!
Apparent Google Redirect virus on Windows 7, have tried Malwarebytes, spybot, microsoft essentials, mcafee, etc. System has showed clean on all programs, but I'm redirected consistently when using Google search. Please help! DDS (Ver_10-12-12.02) - NTFSx86 Run by office depot at 20:11:06.85...
mags83 Resolved HJT Threads 18 01-25-2011 02:02 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 04:11 PM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts