Near the end of the summer of last year, Microsoft and Kaspersky Lab, a security software company, worked together to bring down what was reportedly one of the biggest spam botnets, responsible for polluting machines around the world.
Called the Kelihos botnet, the network consisted of around 45,000 infected computers, but despite those low numbers it was able to pump out nearly 4 billion spam messages a day. These spam messages were used to promote everything from pornography to illegal pharmaceutical drugs and stock scams.
The two companies worked together to create what is referred to as a ‘sinkhole’, which is then used to get the infected machines to talk to it. Of course, researchers knew that it was only a matter of time before those who controlled the botnet regained control of the infrastructure, mainly because neither Microsoft nor Kaspersky Lab could forcefully clean the infected machines, since they were in countries where this action would be considered illegal.
Meddling with another person’s computer could be considered a form of hacking, even with the best intentions of security researchers. Unfortunately, it appears that many of the machines infected with Kelihos are now controlled by the bad guys again.
There are also other new variants of Kelihos that are using updated forms of encryption to mask the communication with the botnet controllers, Herkanaidu said. Maria Garnaeva, a researcher with Kaspersky Lab, wrote that two different RSA keys are being used for encryption, which means it is possible two different groups are controlling Kelihos.
The end result is that we could very soon see a whole new wave of spam hit the web, even as Microsoft and Kaspersky get back to studying the new variants and trying once more to stop a spam invasion.