Kelihos, Waledac and Storm malware believed to have same author
by Zeljka Zorz - Thursday, 3 November 2011.
The recent takedown of the Kelihos botnet by Microsoft has received a lot of attention, despite the fact that the botnet is rather small (around 41,000 computers located worldwide).

The reason behind this is that it was the first time that a defendant was named in the suit filed by Microsoft and was notified of the action.

According to Microsoft, the Kelihos botnet is thought to be an attempt to rebuild the Waledac botnet. Having analyzed the code of the Kelihos malware, Pierre-Marc Bureau, senior malware researcher at antivirus company ESET, posits that its author is the same person (or group of people) who has developed the Storm worm and the Waledac malware.

In this podcast recorded at Virus Bulletin 2011, he talks about how tracking malware authors' evolving skills can help security professionals and companies fight cybercrime. He also shares the specific discoveries that lead him the aforementioned conclusions about the authorship of the Kelihos, Waledac and Storm malware.

Press the play button below to listen to the podcast:

Pierre-Marc Bureau is responsible of investigating trends in malware and finding effective techniques to counter these threats. Prior to joining ESET, he worked for a network security company where he was senior security analyst.

Pierre-Marc Bureau finished his Master degree in computer engineering at Ecole Polytechnique of Montreal in 2006. His studies focused mainly on the performance evaluation of malware. He has presented at various international conferences including Recon, Infosec, and Virus Bulletin. His main interests lie in reverse engineering, application and network security.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th