There has been a recent surge in security blogs warning users to be extra cautious of a new spin on an old threat. Kelihos is a botnet which utilizes P2P communication to maintain its CnC Network. With all of the attention around Kelihos, it should be no surprise that 30/45 AV vendors are detecting the latest installer. Zscaler took some time to analyse recent threat reports that came through their malicious/suspicious files queue, to see if they could find anything to add. It didn’t take long to find a now infamous iteration of this botnet installer in action. In particular, they found a file called “rasta01.exe”.
Read the full article by Chris Mannon, security researcher at Zscaler ThreatLabZ
