Kelihos.B takedown

There are two main points to take away from the Kelihos.B takedown. The first is that malware writers, as smart as they are, are really dumb.

Forget about malware for a moment, and imagine the architecture involved in Kelihos.B was part of a legitimate distributed-computing business system. Would you invest all that time and effort to build a P2P network and design a mechanism for message propagation, then leave it wide open to attack by failing to include any form of authentication mechanism? It’s complete lunacy. If you did it in a commercial environment, you’d get fired. Out of a cannon. Into the sun.
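To make the design point concrete: below is an added example (not code from the original post, and nothing to do with the Kelihos.B code itself) of what a minimal authentication layer for a peer-to-peer update message looks like in a legitimate distributed system. It uses a shared HMAC key from the Python standard library; the key, the peer addresses and the message format are all constructed for the example. A receiver that checks the tag and a monotonic sequence number refuses both tampered updates and replayed ones.

```python
import hmac
import hashlib
import json

# Constructed example key. In a real deployment it would be provisioned
# out of band to every legitimate node, never embedded in source.
SHARED_KEY = b"example-key-not-for-production"


def encode_update(peers, seq, key=SHARED_KEY):
    """Serialize a peer-list update and attach an HMAC-SHA256 tag.

    The tag is computed over a canonical JSON encoding (sorted keys, no
    whitespace) so that sender and receiver agree byte-for-byte on what
    was authenticated.
    """
    body = {"type": "peer_update", "seq": seq, "peers": sorted(peers)}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


def verify_update(message, last_seq, key=SHARED_KEY):
    """Return (accepted, peers) or (False, reason).

    Rejects messages whose tag does not match (forged or modified in
    transit) and messages whose sequence number is not newer than the
    last one accepted (replay of an old update).
    """
    payload = message.get("payload", "").encode()
    tag = message.get("tag", "")
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    # Constant-time comparison so tag checking does not leak timing information.
    if not hmac.compare_digest(expected, tag):
        return False, "bad tag"
    body = json.loads(payload)
    if body.get("type") != "peer_update":
        return False, "wrong type"
    if not isinstance(body.get("seq"), int) or body["seq"] <= last_seq:
        return False, "replay"
    return True, body["peers"]


class Node:
    """A receiving node that only adopts authenticated, fresh peer updates."""

    def __init__(self, initial_peers):
        self.peers = set(initial_peers)
        self.last_seq = 0
        self.rejected = []  # (reason) log, what a defender would alert on

    def receive(self, message):
        ok, result = verify_update(message, self.last_seq)
        if not ok:
            self.rejected.append(result)
            return False
        self.peers.update(result)
        self.last_seq = json.loads(message["payload"])["seq"]
        return True


if __name__ == "__main__":
    node = Node(["10.0.0.1:4000"])  # constructed addresses

    # 1. A legitimate update from a key holder is accepted.
    good = encode_update(["10.0.0.2:4000", "10.0.0.3:4000"], seq=1)
    print("legit update accepted:", node.receive(good))

    # 2. The same bytes with the peer list altered after signing: tag no longer matches.
    tampered = dict(good)
    tampered["payload"] = good["payload"].replace("10.0.0.3", "10.0.0.9")
    print("tampered update accepted:", node.receive(tampered))

    # 3. Re-sending the original, already-applied update is refused as a replay.
    print("replayed update accepted:", node.receive(good))

    print("peers:", sorted(node.peers))
    print("rejections:", node.rejected)
```

The shared-key design is the simplest form of the mechanism and is enough to show the point: without the key, an outside party cannot produce an update the receiver will act on. Its limitation is that every node holds the same secret, so one compromised node can forge updates for all of them; where peers are mutually untrusted, the tag would be replaced by an asymmetric signature from a designated update signer, with nodes holding only the public key.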

The second interesting point is that this botnet exclusively infected OS X, which is a pretty big shift in focus from the previous major botnets like Conficker and Mariposa. I’m actually surprised it took this long for a major OS X botnet to surface, considering the general stereotype of Apple users. They’re usually not tech-savvy, generally more wealthy than the average Windows user, and often under the illusion that “there are no viruses for Macs!”. The perfect storm of getting pwned.

I have a feeling it won’t be very many years before the distribution of malware across Windows and OS X ends up being close to equal.
