Kelihos Spambot - Ideas, Suggestions?

tyrant64 · Apr 17, 2015

I noticed we're on the Spamhaus CBL for Kelihos infection.
Unfortunately, we're unable to locate the infection directly, though we have run Norton Power Eraser on every device at our location (~50 devices total.)
We have no mail server, so it can't be a false positive, and we do not use relay servers. (We run nothing from our office but end user machines...possibly outlook configuration generating a false positive?)

Anyone know of any tools or utility sites we can utilize to pinpoint the infection, outside of port monitoring?

(As a preamble, I came into the company after they expanded, and of course nobody thinks they need security until it's too late. I get to pick the pieces up, here. Just looking for suggestions or ideas from anyone interested in theorizing, hah!)

Thanks in advance.

chaslang · Apr 18, 2015

Check the PCs for any P2P type downloading programs and remove them if found. Also monitor your network for any high traffic patterns. Make sure all of the software running on all PCs is updated to latest versions! Thi smeans all software not just Windows. For example, make sure Java, Adobe....etc are updated. Install protection software and enable firewalls.
If you don't have a hardware firewall at the entrance/exit from your company network then you should install one.

Take a look the below:

http://research.zscaler.com/2013/08/kelihos-botnet-what-victims-can-expect.html

http://serverfault.com/questions/13844/how-do-you-detect-a-spambot-on-your-network

http://www.darkreading.com/vulnerab...am-blocklists-to-hone-attacks/d/d-id/1111352?

Log in or Sign up

Kelihos Spambot - Ideas, Suggestions?

tyrant64 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member