Earlier this week, Microsoft reported the successful takedown of what it calls the Kelihos botnet, a network of more than 40,000 infected computers capable of sending 3.8 billion spam e-mails per day. But while criminals no longer control the botnet, the work needed to contain it is not over. Botnet traffic is now being redirected to a “sinkhole,” allowing the good guys to oversee traffic from infected machines and prevent further distribution of malware and scams.
Kaspersky Lab, which collaborated with Microsoft on the takedown, says 3,000 infected hosts are connecting to its sinkhole every minute. After reverse-engineering the bot malware, cracking the botnet’s communication protocol, and developing tools to attack its peer-to-peer infrastructure, “we started to propagate a special peer address,” explains Kaspersky Lab expert Tillmann Werner in a blog post. “Very soon, this address became the most prevalent one in the botnet, resulting in the bots talking to our machine, and to ou