Kelihos.B takedown - Graham Sutherland's Blog

There are two main points to take away from the Kelihos.B takedown. The first is that malware writers, as smart as they are, are really dumb.

Forget about malware for a moment, and imagine the architecture involved in Kelihos.B was part of a legitimate distributed-computing business system. Would you invest all that time and effort to build a P2P network and design a mechanism for message propagation, then leave it wide open to attack by failing to include any form of authentication mechanism? It’s complete lunacy. If you did it in a commercial environment, you’d get fired. Out of a cannon. Into the sun.

The second interesting point is that this botnet exclusively infected OS X, which is a pretty big shift in focus from the previous major botnets like Conficker and Mariposa. I’m actually surprise it took this long for a major OS X botnet to surface, considering the general stereotype of Apple users. They’re usually not tech-savvy, generally more wealthy than the average Windows user, and often under the illusion that “there are no viruses for Macs!”. The perfect storm of getting pwned.

I have a feeling it won’t be very many years before the distribution of malware across Windows and OS X ends up being close to equal.