Kelihos.B

By Domesticus in Trojans

Threat Scorecard

Threat Level: 60 % (Medium)
Infected Computers: 827
First Seen: April 8, 2011
OS(es) Affected: Windows

The Kelihos.B Trojan is a backdoor Trojan that is inextricably linked to the Kelihos botnet. This vast network of computer systems infected with variants of Kelihos.B was used to send out spam email, perform distributed denial of service attacks, and continue to distribute Kelihos.B and its associated malware. Kelihos.B in particular was often distributed through social networks with the help of the Fifesock worm. Kelihos.B can be used to gain access to confidential information on the victim's computer system, to install other malware on the victim's computer, and to integrate the infected computer system into the Kelihos botnet. While this botnet has been shut down, Kelihos.B and its newest version, Kelihos.C, are still active and infecting computer systems. If you suspect that your computer system is infected with Kelihos.B, ESG malware researchers strongly advise scanning your hard drives with a strong anti-malware tool.

Despite the Actions of Law Enforcement, Kelihos.B is Still Active

Kelihos.B was mainly active in the United States and parts of Eastern Europe. Most computer systems infected with Kelihos.B use the Windows XP operating system, although Kelihos.B has the capacity to attack other versions of Windows and has been present in other countries around the world. The Kelihos.B infection is not particularly new, and keeping your security software fully updated should help prevent a Kelihos.B Trojan infection.

Kelihos.B was used by criminals to farm Bitcoins, steal sensitive information, and force the infected computer systems to send out spam email. Bitcoins, an anonymous online currency, are farmed by using processor power. Criminals could force the victim's computer system to farm Bitcoins, creating enormous revenue due to the large number of infected computers in Kelihos.B's botnet. While this botnet has been taken down by law enforcement, criminals have already created a new botnet corresponding to the evolution of the Kelihos.B Trojan, Kelihos.C.

However, computer systems are not safe from the Kelihos.B Trojan, since this infection is still being distributed by the Fifesock worm and through malicious spam email messages. ESG security researchers consider all variants of the Kelihos.B Trojan to be extremely dangerous, not only to the victim's computer system but also to the general public. Steps should be taken to scan and disinfect your computer system if you have reason to suspect that you were exposed to the Kelihos.B Trojan, either through a social network worm or by opening an unsolicited spam email attachment.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software   Detection
AVG                   Generic26.EJO
McAfee-GW-Edition     Heuristic.LooksLike.Win32.Suspicious.E
BitDefender           Trojan.Generic.KD.561483
Kaspersky             Packed.Win32.Krap.is
NOD32                 a variant of Win32/Kryptik.ACID
CAT-QuickHeal         Backdoor.Bredolab.zji
AVG                   Cryptic.DQC
AntiVir               TR/Agent.ghs
DrWeb                 BackDoor.Slym.24
BitDefender           Gen:Variant.Kazy.31534
Kaspersky             Trojan.Win32.Jorik.Hlux.do
Avast                 Win32:MalOb-GZ [Cryp]
F-Prot                W32/FakeAlert.QS.gen!Eldorado
NOD32                 a variant of Win32/Kryptik.SKS
CAT-QuickHeal         Trojan.Jorik.Hlux.do

File System Details

Kelihos.B may create the following file(s):
