Kelihos, Waledac and Storm malware believed to have same author

The recent takedown of the Kelihos botnet by Microsoft has received a lot of attention, despite the fact that the botnet is rather small (around 41,000 computers located worldwide).

The reason behind this is that it was the first time that a defendant was named in the suit filed by Microsoft and was notified of the action.

According to Microsoft, the Kelihos botnet is thought to be an attempt to rebuild the Waledac botnet. Having analyzed the code of the Kelihos malware, Pierre-Marc Bureau, senior malware researcher at antivirus company ESET, posits that its author is the same person (or group of people) who has developed the Storm worm and the Waledac malware.

In this podcast recorded at Virus Bulletin 2011, he talks about how tracking malware authors’ evolving skills can help security professionals and companies fight cybercrime. He also shares the specific discoveries that lead him the aforementioned conclusions about the authorship of the Kelihos, Waledac and Storm malware.