A spam botnet brought down four months ago, which was once capable of pumping out almost four billion spam messages a day, remains very much dead, two of the companies behind the takedown said.

That determination, announced late Friday by Microsoft and Kaspersky Lab representatives, contradicted published reports, including one from Ars, that claimed the network of infected computers had been resurrected. There's no evidence that control of Kelihos, which also went by the name Hlux, has returned to the control of its creators, the companies said.

The reports were based on a blog post a Kaspersky researcher published on Tuesday that was headlined "Kelihos/Hlux botnet returns with new techniques." Among other things, the researcher wrote: "This botnet continues to get orders from spammers and send spam in different languages so far."

Kaspersky clarified its findings on Friday.

"We would like to clarify the difference between the botnet we took down together with Microsoft and new samples based on original Kelihos code," a statement issued by Kaspersky read. "The botnet we took down is still under control and infected machines are not receiving commands from command and control centre (C&C) so they are not sending spam. But new samples, which are monitored by us continue to get orders from spammers and send spam so far. It means that we are dealing with another botnet."

A blog post published by Richard Domingues Boscovich, senior attorney for Microsoft Digital Crimes Unit, agreed.

"Contrary to some reports, Kaspersky and Microsoft have no evidence that the botnet that was taken down in September has returned to the control of cybercriminals or is spamming again at this time," he wrote. "However, we have seen evidence of distribution of new malware that appears to be a slightly updated variant of the malware that built the original Kelihos botnet."

It's not uncommon for botherders to recycle code when designing new malware. Indeed, Microsoft has said the original Kelihos bot software bore a strong resemblance to Waledac, a botnet Microsoft helped bring down in early 2010. Microsoft has dubbed the new malware Backdoor: Win32/Kelihos B and has added protection against the threat to its Malicious Software Removal Tool.

Listing image by Photograph by Ged Carroll