A forum for reverse engineering, OS internals and malware analysis
 #8782  by rkhunter
 Tue Sep 27, 2011 5:53 pm
Building on the recent successes of the Rustock and Waledac botnet takedowns, I’m pleased to announce that Microsoft has taken down the Kelihos botnet in an operation codenamed “Operation b79” using similar legal and technical measures that resulted in our previous successful botnet takedowns.
DCU: http://blogs.technet.com/b/microsoft_bl ... -case.aspx

Documents: http://www.noticeofpleadings.com/

Technet post: http://blogs.technet.com/b/mmpc/archive ... lease.aspx
 #11253  by EP_X0FF
 Wed Jan 25, 2012 4:47 am
Nowhere in the original post is any affiliation with Agnitum stated in the case of Waledac/Hlux/Kelihos.
On a yellow pages aggregator, "krebsonsecurity", it is stated that the guy worked at Agnitum while coding Waledac (Kelihos).
This is a question of the professionalism of the author, which he obviously lacks. He misses the whole point and only found Agnitum as a target for yet another of his yellow blog posts about nothing. A perfect continuation of failures such as the TDL4 car googling, the WinAD "investigation", etc.

If tomorrow someone finds customized Zbot sources with references to his domain then, following this "expert" logic, he will be affiliated with the Zeus botnet. What a pity.
 #11254  by rkhunter
 Wed Jan 25, 2012 5:23 am
It seems the krebsonsecurity author was the first who thought to look at the LinkedIn profile of this guy. But I agree that articles from the blog have increasingly begun to resemble yellow pages.
 #12440  by rkhunter
 Sat Mar 31, 2012 3:59 pm
Flamef wrote:
rkhunter wrote: New Kelihos/Hlux version found - Kelihos.C - Backdoor:Win32/Kelihos.F and botnet too http://www.darkreading.com/advanced-thr ... riant.html
New Kelihos/Hlux botnet bites the dust :D http://www.securelist.com/en/blog/20819 ... hos_Botnet

FAQ: Disabling the new Hlux/Kelihos http://www.securelist.com/en/blog/20819 ... hos_Botnet
You are talking about the .B variant. Kaspersky neutralized the .B variant. .C was observed two days ago and the new botnet works fine.