Kelihos Botnet Reappears
Previous versions of the botnet were taken down in September 2011 and March 2012.
"Kaspersky Lab researchers have been analyzing the malware and the botnet's structure and have found that at about midday on Monday, there were more than 8,500 unique IP addresses behind wowrizep.ru, one of the Russian domains being used by the Kelihos botnet for fast-flux operations," writes Threatpost's Dennis Fisher. "That number isn't exact, though, as there could be many IPs behind NAT devices."
"The first Kelihos botnet comprised some 41,000 infected computers worldwide and was capable of generating 3.8 million spam emails every day before its takedown in 2011 in a joint effort between Kaspersky Lab and Microsoft," Infosecurity reports. "The second takedown of Kelihos happened in March 2012, after Microsoft discovered 'evidence of distribution of new malware that appears to be a slightly updated variant of the malware that built the original Kelihos botnet.'"