Kelihos Botnet Spam Waves False Russian Flag

Would you volunteer your computer’s resources to help a political cause?

It is a strange question, but it’s one being asked of Russian citizens by Kelihos botnet spammers. The spam message reads:

We, a group of hackers from the Russian Federation, are worried about the unreasonable sanctions that Western states imposed against our country. We have coded our answer and below you will find the link to our program. Run the application on your computer, and it will secretly begin to attack government agencies of the states that have adopted those sanctions.

Referencing political actions taken by Western nations against Russia for its recent relations with Ukraine – and hoping to incite the ire of displeased Russian citizenry – the link provided in the message actually leads to malware. More specifically, users who click are connected to the Kelihos botnet, which is capable of the following malicious activities:

  • Password theft from web browsers and other programs
  • Bitcoin theft and mining
  • Establishment of “backdoors” for future access to the infected machine
  • Hijacking infected PCs to perform DDoS attacks
  • Downloading more malware
  • And, of course, sending more spam

According to reports from PC World, the variant distributed by this latest campaign also borrows digitally signed files from legitimate network monitoring software to spy on infected users and reduce the chances of detection.

Whether or not “volunteers” actually get to participate in a digital attack against Western states is unconfirmed. Kelihos is capable of commanding bots to carry out DDoS attacks, and such attacks could, in theory, be directed at Western governments’ websites; but everything else the botnet does (credential theft, bitcoin mining, backdoors, further malware downloads) suggests that this politically charged variant of Kelihos is nothing more than malware waving a false flag.

The takeaway?

Social engineering is a dangerous beast, especially when it leverages contentious current events. As a rule of thumb, if an email provokes an emotional reaction, it is usually best to stop and think (and maybe even walk away) before you click.

…And as for those seeking political action – whatever the viewpoint – there are much better ways to implement change than clicking on Internet chain mail ;)

Have a great (bot-free) day!

For the full story and source of quote, see Hackers prey on Russian patriotism to grow the Kelihos botnet, at PC World.