The Kelihos botnet remains active and continues spamming with a new variant, despite efforts by Kaspersky Lab and CrowdStrike that knocked offline and sinkholed the most recent version of the botnet. Seculert says that the same criminals are still responsible for the network's operation and, furthermore, have the capacity to regain control over sinkholed machines by using the Facebook worm mentioned above. CrowdStrike claims that the criminals behind the network are not capable of regaining access to machines in the sinkhole.
Source: https://threatpost.com/kelihos-returns-same-botnet-or-new-version-032912/76382/

