{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2012-0029.txt"
    },
    "title": "Kelihos Botnet is Back and Active",
    "serial_number": "2012-0029",
    "publish_date": "05-03-2012 15:13:00",
    "description": "In September 2011, Microsoft announced the takedown of the Kelihos botnet [1]. In the beginning of 2012, Kaspersky found a new version of Kelihos in the wild [2]. Kelihos (also know as Hlux) is a Spambot with the capability to steal credentials from the victims computer and drop additional malware. While the old version used the second level domain cz.cc for it\u2019s distribution and to control the botnet, the new version takes advantage of TLD .eu in combination with Fast Flux techniques [3]. More detailed analysis may be found in [3].",
    "url_title": "2012-0029",
    "content_markdown": null,
    "content_html": null,
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}