Kelihos.B is a slightly outdated version of the Kelihos Trojan, a sophisticated botnet-based backdoor Trojan that allowed criminals to take over infected PCs with some significant help from a network of C&C servers. Kelihos.B and other Kelihos variants were (and still are, at the time of this writing) distributed via the Facebook worm known as Fifesock, and are designed for attacks that can include stealing private information, installing other types of malicious programs or using the infected computer’s resources for malicious software distribution via e-mail spam. Although authorities have shut down the botnet that Kelihos.B uses to coordinate many of its attacks, variants of Kelihos.B like Kelihos.C are still ongoing threats, and SpywareRemove.com malware researchers strongly recommend that you delete Kelihos.B or any other version of the Kelihos backdoor Trojan with anti-malware software whenever appropriate.
Kelihos.B – a Half-Dead Trojan That’s Still Lumbering Onwards
Kelihos.B, like other Kelihos Trojans, is noted for particularly heavy distribution on Windows XP computers within the regions of the United States and Poland, although other versions of Windows and other countries can also be considered vulnerable to Kelihos.B attacks. Kelihos.B is only one of many variants of backdoor Trojans from the Kelihos family, all of which appear to be upgraded versions of earlier variants. This ongoing development causes SpywareRemove.com malware researchers to recommend that you keep your anti-malware products updated to maximize accurate detection and deletion of Kelihos.B and other Kelihos-based Trojans.
Kelihos.B and the rest of its family are noted for surreptitious attacks that create few symptoms, including:
- Using your PC to send spam e-mail messages to propagate itself.
- Using your PC to exploit Bitcoin weaknesses and artificially generate digital revenue.
- Clandestinely stealing private information, such as bank account passwords, via keylogging and other techniques that are common to spyware-related PC threats.
At the time of this writing, Kelihos.B’s own distribution techniques are limited to e-mail spam, but SpywareRemove.com malware experts also emphasize that the Fifesock worm that can install Kelihos.B possesses traditional worm distribution features.
Why You Shouldn’t Be Happy About Kelihos.B’s Replacement
Even though Kelihos.B’s botnet (the large array of decentralized Command and Control servers that Kelihos.B infections used to control infected PCs) has been shut down, Kelihos.B’s criminal developers have already updated Kelihos.B to a new version (identified by the title Kelihos.C) that still has a fully-functional botnet. This same criminal group is also guilty of the creation and distribution of PC threats like the Storm.Worm and Waledac, and hence, development of Kelihos Trojans must be considered an active and ongoing danger to all Windows-based PCs.
Kelihos.B can also be identified by other aliases, such as TROJ_FRAUDLO.DM, PWS-Zbot.gen.ia, Mal/FakeAV-GQ, TR/Crypt.XPACK.Gen2 or Trojan-Downloader.Win32.FraudLoad.ynsc. Even if you’re relatively ‘lucky’ enough to be attacked by Kelihos.B instead of a recent update like Kelihos.C, SpywareRemove.com malware analysts encourage you to treat Kelihos.B as a high-level security threat to your PC and delete it with extreme prejudice. Because Kelihos.B doesn’t show obvious symptoms and alters the Windows Registry for some of its attacks, using an anti-malware scanner to disinfect Kelihos.B is strongly recommended.
Posted: April 8, 2011 | By SpywareRemove
Threat Level: 6/10
Detection Count: 1,501