Kelihos

Symptoms

System Compromise: Remote attackers can gain control of vulnerable systems.

Analysis

This botnet has been seen in the wild since 2010. It has been associated with spamming and the theft of Bitcoins.

Some of its instances use public-key cryptography and are built on the Crypto++ library which provides several C++ classes related to cryptographic schemes.

More details can be found at http://blog.fortinet.com/post/dissecting-latest-kelihos-peer-exchange-communication.

recommended-action-logoInstructions

If required, the signature's action can be set to "Block". Use Anti-Virus software to scan and clean the system.

Telemetry logoTelemetry