The new malware variant is called “Backdoor:Win32/Kelihos.B” and it appears to be based on the original malware’s code, slightly updated; there is no evidence to indicate that the botnet taken down previously has returned to the control of the cybercriminals.
Furthermore, this variant is believed to be based in part on Waledac, a botnet terminated by Microsoft at the beginning of 2010. This comes as no surprise, since malware authors are known to reuse code from previous versions.
“Analysis of these samples and continuing observations of Kelihos-infected computers have demonstrated no known re-employment of the original Kelihos botnet by botherders,” said Richard Domingues Boscovich, senior attorney at Microsoft’s Digital Crimes Unit.
Currently, neither Microsoft nor Kaspersky can provide precise numbers to indicate the size of this potentially new botnet, but Kaspersky’s analysis reveals that the size of the old botnet dropped by 25% in the past two months.
The old botnet is now estimated to be far smaller than initially thought, with fewer than 10,000 computers still infected. This number may seem large, but considering that the botnet had infected 41,000 devices at the time it was taken down, the progress is significant.
Users who suspect their computers may still be part of the botnet are advised to install security software to remove the malicious components. Microsoft offers a support page dedicated to removing botnet malware from potentially infected PCs.