Kelihos (also known as Hlux) is a spambot that can also steal credentials from the victim's computer and drop additional malware. While the old version used the second-level domain cz.cc for its distribution and to control the botnet, the new version takes advantage of the .eu TLD in combination with fast-flux techniques.
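A defender-side illustration of the fast-flux behaviour described above, added here and not part of the original post: a small heuristic over DNS resolution history that flags domains answering with many IPs across many ASes at low TTLs. The domains, addresses, ASNs and thresholds below are constructed assumptions, not indicators from the page.

```python
from collections import defaultdict
from statistics import mean
from typing import Dict, Iterable, List, NamedTuple

class Answer(NamedTuple):
    """One observed DNS A record: domain -> ip, with its TTL and the IP's origin AS."""
    domain: str
    ip: str
    ttl: int
    asn: int

# Constructed sample data (not from the post): a fluxing .eu domain answering with
# many IPs across many ASes at low TTLs, and a conventionally hosted domain.
SAMPLE: List[Answer] = [
    Answer("flux-example.eu", "203.0.113.10", 150, 64501),
    Answer("flux-example.eu", "198.51.100.22", 120, 64502),
    Answer("flux-example.eu", "192.0.2.77", 180, 64503),
    Answer("flux-example.eu", "203.0.113.91", 150, 64501),
    Answer("flux-example.eu", "198.51.100.140", 90, 64504),
    Answer("flux-example.eu", "192.0.2.200", 120, 64505),
    Answer("static-example.eu", "192.0.2.5", 3600, 64510),
    Answer("static-example.eu", "192.0.2.5", 3600, 64510),
    Answer("static-example.eu", "192.0.2.6", 3600, 64510),
]

# Illustrative thresholds (assumptions; tune against your own resolver logs).
MIN_IPS, MIN_ASNS, MAX_AVG_TTL = 5, 3, 300

def summarize(answers: Iterable[Answer]) -> Dict[str, dict]:
    """Aggregate per-domain resolution stats used by the fast-flux heuristic."""
    ips, asns, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for a in answers:
        ips[a.domain].add(a.ip)
        asns[a.domain].add(a.asn)
        ttls[a.domain].append(a.ttl)
    return {
        d: {"ips": len(ips[d]), "asns": len(asns[d]), "avg_ttl": mean(ttls[d])}
        for d in ips
    }

def is_fast_flux(stats: dict) -> bool:
    """Flag a domain whose answers rotate through many IPs in many ASes with short TTLs."""
    return (stats["ips"] >= MIN_IPS and stats["asns"] >= MIN_ASNS
            and stats["avg_ttl"] <= MAX_AVG_TTL)

def flag_fast_flux(answers: Iterable[Answer]) -> List[str]:
    """Return the sorted list of domains the heuristic flags as fast-flux."""
    return sorted(d for d, s in summarize(answers).items() if is_fast_flux(s))
```

Feed it passive-DNS or resolver-log answers for the domains you are watching; a single resolution tells you little, the rotation over time is the signal.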
HTTP REQUESTS
sample: hxxp://kalurjaq.ru/angrim2.exe
hxxp://37.221.162.18/loader/angrim2.exe
hxxp://188.254.131.48/login.htm
hosting info:
http://whois.domaintools.com/81.88.155.101
Anonymous - June 18, 2013 at 1:53 pm
I guess they have .htaccess on the login page.