
SANS ISC: Microsoft killed Kelihos botnet - SANS Internet Storm Center

Microsoft killed Kelihos botnet

Great news for Internet security. Microsoft has effectively killed off the Kelihos botnet, which has about 42-45K nodes. The signature to remove the botnet agent from infected machines has been added to the Malicious Software Removal Tool, which will be rolled out to users taking automatic updates. Microsoft also took a proactive approach on the legal front, filing for a court order to get Verisign (the domain registrar for the malicious domains) to take down the malicious domains related to the botnet's operations.

Great to see the Digital Crimes Unit at Microsoft being so proactive about shutting down malware. 

More info on this,



93 Posts
ISC Handler
Sep 27th 2011
This would be more impressive if today Microsoft didn't kill Google Chrome.....
