FAQ: Disabling the new Hlux/Kelihos Botnet

Q: What is the Hlux/Kelihos botnet? A: Kelihos is Microsoft’s name for what Kaspersky calls Hlux. Hlux is a peer-to-peer botnet with an architecture similar to the one used for the Waledac botnet. It consists of layers of different kinds of nodes: controllers, routers and workers.

Q: What is a peer-to-peer botnet? A: Unlike a classic botnet, a peer-to-peer botnet doesn’t use a centralized command-and-control (C&C) server. Every member of the network can act as a server and/or client. The advantage from the malicious user’s point of view is that the central C&C, a single point of failure, is omitted. From our point of view, this makes it a lot harder to take down this kind of botnet. Architecture of a traditional botnet vs. P2P:

[Figure: Traditional botnet with centralized C&C]

[Figure: Architecture of a P2P botnet]
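The single-point-of-failure argument above can be made concrete with a small graph simulation. The following is an added example, not code from the original FAQ or from Kaspersky: it models a centralized botnet as a star (every bot links only to the C&C server) and a P2P botnet as a random peer mesh with several controller nodes (a constructed toy topology, not the real Hlux peer-list format), then measures how many bots a surviving controller can still reach after one node is removed. The node counts, neighbour count and seed are arbitrary assumptions.

```python
"""Added example (not from the original FAQ): compare how a centralized
botnet and a peer-to-peer botnet degrade when one node is taken down.

Nodes are an undirected graph. A bot counts as "controllable" if it can
still reach at least one surviving controller over the remaining edges.
"""
import random
from collections import deque


def build_centralized(n_bots):
    """Star topology: node 0 is the C&C server, every bot links only to it."""
    graph = {0: set()}
    for b in range(1, n_bots + 1):
        graph[0].add(b)
        graph[b] = {0}
    controllers = {0}
    return graph, controllers


def build_p2p(n_bots, n_controllers, peers_per_node, seed=1):
    """Random peer mesh (constructed toy topology): every node picks
    `peers_per_node` random neighbours; links are bidirectional."""
    rng = random.Random(seed)
    nodes = list(range(n_bots + n_controllers))
    graph = {v: set() for v in nodes}
    for v in nodes:
        others = [u for u in nodes if u != v]
        for u in rng.sample(others, peers_per_node):
            graph[v].add(u)
            graph[u].add(v)
    controllers = set(nodes[:n_controllers])  # first nodes act as controllers
    return graph, controllers


def remove_nodes(graph, victims):
    """Return a copy of the graph with `victims` and all their edges removed."""
    victims = set(victims)
    return {v: {u for u in nbrs if u not in victims}
            for v, nbrs in graph.items() if v not in victims}


def controllable_fraction(graph, controllers):
    """Fraction of non-controller nodes with a path to a surviving controller
    (breadth-first search started from every controller still in the graph)."""
    alive_ctrl = [c for c in controllers if c in graph]
    seen = set(alive_ctrl)
    queue = deque(alive_ctrl)
    while queue:
        v = queue.popleft()
        for u in graph[v]:
            if u not in seen:
                seen.add(u)
                queue.append(u)
    bots = [v for v in graph if v not in controllers]
    if not bots:
        return 0.0
    return sum(1 for b in bots if b in seen) / len(bots)


def takedown_comparison(n_bots=200):
    """Remove the single C&C (node 0) from the star and one controller
    (also node 0) from the mesh; return both remaining controllable fractions."""
    star, star_ctrl = build_centralized(n_bots)
    mesh, mesh_ctrl = build_p2p(n_bots, n_controllers=5, peers_per_node=4)
    star_after = controllable_fraction(remove_nodes(star, {0}), star_ctrl)
    mesh_after = controllable_fraction(remove_nodes(mesh, {0}), mesh_ctrl)
    return star_after, mesh_after


if __name__ == "__main__":
    s, m = takedown_comparison()
    print(f"centralized, C&C removed: {s:.0%} of bots still reachable")
    print(f"P2P, one controller removed: {m:.0%} of bots still reachable")
```

Removing the hub of the star leaves no bot reachable, while removing one controller from the mesh leaves essentially the whole network reachable through the remaining controllers and peer links; a takedown of a P2P botnet therefore has to target the peer-exchange mechanism itself rather than a single address.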

Read more: FAQ: Disabling the new Hlux/Kelihos Botnet

Story added 28 March 2012; the content source with the full text can be found at the link above.