FAQ: Disabling the new Hlux/Kelihos Botnet
Q: What is the Hlux/Kelihos botnet?
A: Kelihos is Microsoft’s name for what Kaspersky calls Hlux. Hlux is a peer-to-peer botnet with an architecture similar to the one used by the Waledac botnet. It consists of layers of different kinds of nodes: controllers, routers and workers.
Q: What is a peer-to-peer botnet?
A: Unlike a classic botnet, a peer-to-peer botnet does not use a centralized command-and-control (C&C) server. Every member of the network can act as a server and/or a client. The advantage from the malicious user’s point of view is that the central C&C, a single point of failure, is no longer needed. From our point of view, this makes it a lot harder to take down this kind of botnet. Architecture of a traditional botnet vs. a P2P botnet:
[Figure: Traditional botnet with centralized C&C]
[Figure: Architecture of a P2P botnet]
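To make the "single point of failure" argument concrete, the following is an added toy model (constructed for this page, not code from Kaspersky or from the Hlux/Kelihos analysis) that builds a star-shaped centralized botnet next to a layered peer-to-peer one with the three node kinds named above (controllers, routers, workers), then measures what share of workers can still be reached from a controller after given nodes are taken offline. The topology rules (routers in a ring, every router knowing every controller, every worker knowing two routers) and the node counts are assumptions chosen for the illustration, not a description of the real Hlux layout.

```python
"""Toy comparison of takedown resilience: centralized C&C vs layered P2P.

Constructed example. Node roles follow the FAQ (controller, router, worker);
the wiring rules below are assumptions, not the real Hlux/Kelihos topology.
"""
from collections import deque

CONTROLLER, ROUTER, WORKER = "controller", "router", "worker"


def build_centralized(num_bots):
    """Star topology: one C&C server ('cc'); every bot talks only to it."""
    adj = {"cc": set()}
    roles = {"cc": CONTROLLER}
    for i in range(num_bots):
        bot = f"bot{i}"
        roles[bot] = WORKER
        adj[bot] = {"cc"}
        adj["cc"].add(bot)
    return adj, roles


def build_p2p(num_controllers, num_routers, num_workers):
    """Layered P2P topology (assumed wiring, requires num_routers >= 2):
    routers form a ring and each router knows every controller;
    each worker knows two neighbouring routers in the ring."""
    adj, roles = {}, {}

    def add(node, role):
        roles[node] = role
        adj[node] = set()

    def link(a, b):
        adj[a].add(b)
        adj[b].add(a)

    controllers = [f"ctl{i}" for i in range(num_controllers)]
    routers = [f"rtr{i}" for i in range(num_routers)]
    workers = [f"wrk{i}" for i in range(num_workers)]
    for c in controllers:
        add(c, CONTROLLER)
    for r in routers:
        add(r, ROUTER)
    for w in workers:
        add(w, WORKER)
    for i, r in enumerate(routers):
        link(r, routers[(i + 1) % num_routers])  # ring among routers
        for c in controllers:
            link(r, c)                            # routers know all controllers
    for i, w in enumerate(workers):
        link(w, routers[i % num_routers])         # two router peers per worker
        link(w, routers[(i + 1) % num_routers])
    return adj, roles


def controllable_fraction(adj, roles, removed):
    """Share of all workers that can still be reached from a surviving
    controller once the nodes in `removed` are taken offline (BFS from the
    surviving controllers over surviving nodes)."""
    alive = {n for n in adj if n not in removed}
    queue = deque(n for n in alive if roles[n] == CONTROLLER)
    seen = set(queue)
    while queue:
        node = queue.popleft()
        for peer in adj[node]:
            if peer in alive and peer not in seen:
                seen.add(peer)
                queue.append(peer)
    workers = [n for n in adj if roles[n] == WORKER]
    return sum(1 for w in workers if w in seen) / len(workers)


def takedown_report():
    """Run the scenarios a defender would compare; returns fractions."""
    star_adj, star_roles = build_centralized(1000)
    p2p_adj, p2p_roles = build_p2p(num_controllers=3, num_routers=8, num_workers=1000)
    return {
        # Centralized: removing the single C&C orphans every bot.
        "star_lose_cc": controllable_fraction(star_adj, star_roles, {"cc"}),
        # P2P: losing one controller or one router changes nothing.
        "p2p_lose_one_controller": controllable_fraction(p2p_adj, p2p_roles, {"ctl0"}),
        "p2p_lose_one_router": controllable_fraction(p2p_adj, p2p_roles, {"rtr0"}),
        # P2P: two adjacent routers cut off only the workers that knew both.
        "p2p_lose_two_routers": controllable_fraction(p2p_adj, p2p_roles, {"rtr0", "rtr1"}),
        # P2P: only removing the whole controller layer severs control.
        "p2p_lose_all_controllers": controllable_fraction(
            p2p_adj, p2p_roles, {"ctl0", "ctl1", "ctl2"}),
    }


if __name__ == "__main__":
    for scenario, frac in takedown_report().items():
        print(f"{scenario:28s} workers still controllable: {frac:.3f}")
```

The model shows why the FAQ calls the central C&C a single point of failure: one removal collapses the star, while in the layered P2P graph any single node is redundant and a takedown has to address the whole controller layer (or, in practice, the peer lists themselves), which is outside what this toy graph models.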