Software being offered to Russians for the purpose of hacking Western governments, in particular the US, is actually loaded with malware called Kelihos, which is designed to infect Russian computers.
Hackers have crafted ingenious spam messages that trick recipients who support the Russian cause and oppose the economic sanctions imposed on their country over the conflict in Ukraine into running a Trojan. Users who click the malicious links unknowingly join a botnet.
According to Bitdefender’s Russian-speaking antispam researchers, the malicious messages state: “We, a group of hackers from the Russian Federation, are worried about the unreasonable sanctions that Western states imposed against our country. We have coded our answer and below you will find the link to our program. Run the application on your computer, and it will secretly begin to attack government agencies of the states that have adopted those sanctions.”
After clicking the link, the victim downloads an executable that is actually the Kelihos Trojan. The Trojan communicates with its command-and-control centre by exchanging encrypted messages over HTTP to retrieve further instructions from the hacker.
Kelihos can communicate with other infected computers, steal Bitcoin wallets, send spam emails, steal login credentials, and download and execute other malicious files on the affected system.
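The lure described above works because the spam carries a link that serves a Windows executable directly. The following is an added illustration, not code from Bitdefender or from the article, of two simple mail-gateway checks a defender can apply: flag any message whose links point at an executable file type, and confirm that whatever a link actually serves is a PE binary by its `MZ` header rather than trusting the extension. The sample messages and the `example.invalid` host are constructed for the demonstration.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages (not real Kelihos spam); the first paraphrases
# the campaign's "run our program" lure, the second is a benign control,
# the third hides an executable behind a screensaver extension.
SAMPLE_MESSAGES = [
    "Run our program: http://example.invalid/downloads/answer.exe and it will do the rest.",
    "Monthly newsletter: https://example.invalid/news/march.html",
    "Archive here: http://example.invalid/files/tool.scr",
]

# File types that Windows will execute when double-clicked. Assumption: this
# list is illustrative; a production filter would use a maintained policy.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_urls(text: str) -> list[str]:
    """Pull every http(s) URL out of a message body."""
    return URL_RE.findall(text)


def is_executable_url(url: str) -> bool:
    """True when the URL path ends in a directly executable file type."""
    path = urlparse(url).path.lower()
    return path.endswith(EXECUTABLE_SUFFIXES)


def flag_message(text: str) -> list[str]:
    """Return the URLs in a message that point straight at an executable.

    An empty list means the message passed this particular check.
    """
    return [u for u in extract_urls(text) if is_executable_url(u)]


def looks_like_pe(data: bytes) -> bool:
    """Check the first bytes of a fetched payload for the PE/DOS 'MZ' header.

    A link advertised as a "program" that returns these bytes is a Windows
    executable regardless of what extension or Content-Type it claims.
    """
    return data[:2] == b"MZ"


def triage(messages: list[str]) -> dict[str, list[str]]:
    """Map each message to the executable links it carries, for review."""
    return {m: flag_message(m) for m in messages}


if __name__ == "__main__":
    for msg, hits in triage(SAMPLE_MESSAGES).items():
        verdict = "FLAG" if hits else "ok  "
        print(f"{verdict} {msg[:50]!r} -> {hits}")
    # Constructed payload prefixes standing in for a fetched download.
    print(looks_like_pe(b"MZ\x90\x00\x03\x00"), looks_like_pe(b"<html><body>"))
```

The extension check catches the plain case in the article (a link ending in `.exe`); the `MZ` check is what a sandbox or proxy would apply to the bytes actually returned, so a renamed binary is still recognised.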
The Kelihos botnet, discovered four years ago, has a peer-to-peer structure in which individual nodes can act as command-and-control servers for the entire botnet, increasing its longevity by making it harder to dismantle. Bitdefender has identified download nodes in Ukraine, Poland and the Republic of Moldavia.