A botnet capable of delivering almost four billion spam messages per day has been confirmed resurrected—more than four months after Microsoft celebrated its untimely demise.

Researchers with Kaspersky Lab reported on Tuesday that Kelihos, a peer-to-peer botnet that also goes by the name Hlux, continues to spew spam in a variety of languages. A new version of the underlying malware appeared as early as September 28, 2011, a day after Microsoft took credit for disrupting the rogue network by commandeering the infected computers and obtaining a court order seizing the Internet addresses used to help control them.

The resurrection highlights the difficulty of permanently severing botnets from the Internet. Because Kelihos used peer-to-peer technology, it was disrupted—or "sinkholed," in takedown parlance—by seeding the network with machines that caused their peers to take orders from benign channels under the control of white hats. The takedown process never actually removed the underlying malware from infected machines, making it possible for the attackers to one day regain control of them.

“It is impossible to neutralize a botnet by taking control over the controller machines or substituting the controller list without any additional actions,” Kaspersky Lab expert Maria Garnaeva wrote in Tuesday's blog post. “The botnet master might know the list of active router IPs, can connect to them directly and push the bot update again along with the new controllers list.”

Word of the revival contrasts with comments made back in September by Microsoft senior attorney Richard Domingues Boscovich. “When Microsoft takes a botnet down, we intend to keep it down," he said at the time, "and we will continue to to take action to protect our customers and platforms and hold bot herders accountable for their actions.”

The software maker took particular offense to Kelihos because it bore a strong resemblance to Waledac, another spam botnet that Microsoft disabled in early 2010.

By contrast, in a post a day or two after Boscovich's comments, Kaspersky Lab Researcher Tillman Werner warned that it was impossible to kill Kelihos unless the compromised PCs received instructions that disinfected them.

Legal concerns have so far mostly dissuaded authorities and researchers from issuing such commands without the explicit permission of the machines's owners, although last year the FBI crippled the notorious Coreflood botnet by disabling the malware until the next reboot. The use of government-run servers to deliver such commands was unprecedented.

Update

After this article was published, Microsoft sent the following statement, attributed to Boscovich: