
The Feds Vs. The Kelihos Botnet: One Down, An Untold Number To Go


It’s interesting to look back on childhood and realize how some of the games we played that were supposed to be fun were actually infuriating. Like whack-a-mole. It was always a short-lived victory because as soon as you got one mole, up popped another.

Perhaps the annoyance that was that particular carnival game was necessary to prepare us for life, or at least for the fight against botnets. The FBI recently scored a big win, arresting the mastermind behind the infamous Kelihos botnet. How much will this really impact the current cyberattack landscape, though? If you paid attention to that whack-a-mole analogy, you know the answer is not enough.

Botnets in general

A botnet is a network of devices with an internet connection that have been infected with malware that enables remote control by an attacker. Botnets can range in size from dozens of devices to, lately, hundreds of thousands or even millions of devices thanks to the weakly secured devices in the Internet of Things (IoT). Generally speaking, the bigger the botnet, the more destruction it can manage.

Like a hive of worker bees, the devices in a botnet can work together to accomplish all sorts of malicious actions at the behest of the attacker behind them. Right now the big botnet-powered attack type in the news is DDoS, or distributed denial of service: attacks that use the combined resources of a botnet to overwhelm a target website or online service with malicious traffic, with the goal of taking it offline or slowing it down beyond the point at which it can be used.

Other uses of botnets include spamming, click fraud, mining or stealing digital currency like Bitcoin, and distributing malware including spyware that gathers sensitive data such as passwords.

Kelihos in particular

There have been a number of high-profile botnet takedowns recently, including Avalanche, Mumblehard and most recently Kelihos. Kelihos first sprang onto the cybercrime scene in 2008 and in its nine years of operation has been responsible for delivering banking trojans to steal financial information, stealing Bitcoin, and performing Denial of Service attacks. Yet it was perhaps most famous for its spamming, routinely landing on lists of top 10 spammers.

After three failed attempts at a takedown, Kelihos’s reign of botnet terror finally came to an end when its operator, Russian national Pyotr Yuryevich Levashov, was arrested in Barcelona after an investigation by the FBI. Though Levashov’s wife initially claimed he was arrested on suspicion of being connected to US election hackings, this seems to be untrue. Levashov reportedly used the botnet primarily to profit from its spamming abilities, sending out hundreds of millions of spam emails per year and renting out its spam services at a cost of $100 to $300 a pop. At the time of the takedown, the Kelihos botnet contained 60,000 infected devices.

What it all means

Kelihos joins a long list of botnets that have been famously shuttered following an arrest, a list that includes massive botnets Butterfly, Dridex and Skynet – and the list could go on. Every time a major botnet ceases to exist, an opportunity opens up and the hole is quickly filled. With the Kelihos botnet down, there is now a major business opportunity for anyone with a botnet capable of sending hundreds of millions of spam messages per year.

Even worse, it’s now easier than ever to assemble a botnet thanks to the billions of devices in the IoT. Many of these devices are unsecured, using default usernames and passwords that are easily guessed by attackers, making them simple to hijack. Not only are more botnets than ever being assembled, but they’re also unprecedented in size and doing record-setting damage. The Mirai IoT botnet, for instance, pulled off an absolutely staggering 1.2 Tbps DDoS attack last fall that was responsible for taking Netflix, Twitter, PayPal, Spotify and dozens more major websites offline.

This trend towards bigger botnets and relatedly bigger attacks appears to be one that’s going to stick, with at least one security firm even predicting a worldwide internet outage in 2017.

Taking protection into your own hands

Protecting yourself from botnets requires security measures that cover a couple of different angles. Firstly, to keep your internet-connected devices from becoming a part of a botnet, make sure your computers and mobile devices are secured with antivirus and malware protection programs. These programs can also help protect you while you’re online, keeping you from falling victim to trojans and other malware that may seek to steal your data. You also need to take the time to change the default usernames and passwords on your IoT devices to keep them from being enlisted.

The bottom line is that in order to protect your website or business from the malicious activity of botnets, it makes sense to invest in online security that analyzes and classifies all incoming traffic, distinguishing between human and bot traffic, and then between good bot and bad bot traffic to keep malicious traffic from ever reaching your network. This type of granular traffic inspection can be found in website security that includes bot access control as well as in professional DDoS protection, which is a must for all websites in the year 2017 in any case.
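To make the two-stage classification above concrete, here is an added example (not code from the original post or from any product it alludes to) that runs over a few constructed web-server log lines in the common combined format and sorts each source IP into human, good bot or bad bot. The crawler tokens, client tokens and the request-rate threshold are assumptions chosen for the sample, not values from the post.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
GOOD_BOT_TOKENS = ("Googlebot", "Bingbot")                      # crawlers we want to admit
TOOL_TOKENS = ("python-requests", "curl/", "Go-http-client")    # scripted clients, not browsers
RATE_LIMIT = 5   # requests per source IP in the sample window; above this we call it a bot

def parse_line(line):
    """Return the fields of one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify_log(text):
    """Map each source IP to 'human', 'good_bot' or 'bad_bot'."""
    hits = defaultdict(list)                     # ip -> list of user-agents seen
    for line in text.splitlines():
        r = parse_line(line)
        if r:
            hits[r["ip"]].append(r["ua"])
    verdicts = {}
    for ip, uas in hits.items():
        claims_crawler = any(t in ua for ua in uas for t in GOOD_BOT_TOKENS)
        scripted = any((not ua) or any(t in ua for t in TOOL_TOKENS) for ua in uas)
        too_fast = len(uas) > RATE_LIMIT
        if claims_crawler:
            # Anyone can put "Googlebot" in a User-Agent; in production confirm the claim
            # with a reverse-DNS check. Here a claimed crawler that floods the site is bad.
            verdicts[ip] = "bad_bot" if too_fast else "good_bot"
        elif scripted or too_fast:
            verdicts[ip] = "bad_bot"
        else:
            verdicts[ip] = "human"
    return verdicts

# Constructed sample: a browsing human, a real-looking crawler, a scripted client,
# and one address hammering the site with a bare browser-like User-Agent.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Apr/2017:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/52.0"
203.0.113.10 - - [10/Apr/2017:12:00:05 +0000] "GET /about HTTP/1.1" 200 800 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/52.0"
198.51.100.7 - - [10/Apr/2017:12:00:02 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
192.0.2.55 - - [10/Apr/2017:12:00:03 +0000] "GET /login HTTP/1.1" 200 300 "-" "python-requests/2.13.0"
""" + "".join(f'192.0.2.99 - - [10/Apr/2017:12:00:0{i} +0000] "GET /?q={i} HTTP/1.1" 200 100 "-" "Mozilla/5.0"\n' for i in range(8))

if __name__ == "__main__":
    for ip, verdict in classify_log(SAMPLE_LOG).items():
        print(ip, verdict)
```

In a real deployment the rate window would be measured from the timestamps rather than a line count, and the crawler claim would be verified before being trusted.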

Botnets aren’t going away anytime soon, nor are they going to become rarer or less powerful. In fact, the number of botnets littering the internet and enabling cybercrime and devastating attacks is only going to keep increasing, as is their size and power. By securing your devices and protecting your website and online services, you can keep from getting stuck playing your own game of whack-a-mole. Horrible, horrible whack-a-mole.