The US Department of Justice has announced the launch of an extensive effort to put an end to the Kelihos botnet, a global network of over 10,000 infected computers that has been delivering spam, ransomware and other malware since 2010.
A day after authorities in Spain arrested Pyotr Levashov, the alleged programmer, operator, and kingpin of the Kelihos malware, the US Justice Department has announced plans to take down the dreaded malware.
Levashov, a Russian national who was arrested in Spain over the weekend, is now in custody in a country that has an extradition treaty with the US, unlike Russia. Prosecutors have linked Levashov to the Kelihos botnet after an unsealed search warrant application revealed he used the same IP address to operate the botnet and his .ru email account. Levashov’s Apple iCloud and Gmail accounts are also associated with the same IP address.
“The Kelihos malware harvested user credentials by searching infected computers for usernames and passwords and by intercepting network traffic,” an announcement by the Justice Department read. “Levashov allegedly used the information gained from this credential harvesting operation to further his illegal spamming operation which he advertised on various online criminal forums.”
Authorities allege that Levashov used a botnet to facilitate a spamming operation that pushed hundreds of millions of emails every year that advertised the likes of counterfeit drugs and stock scams. More notably, prosecutors have accused Levashov of installing malware on targeted end-user computers to harvest passwords of thousands of Americans’ online and financial accounts.
“On April 8, 2017, we started the extraordinary task of blocking malicious domains associated with the Kelihos botnet to prohibit further infections,” stated FBI Special Agent in Charge Marlin Ritzman.
As a means of liberating victims’ computers, the Feds obtained court orders to take steps to neutralize the Kelihos botnet, including installing substitute servers and blocking commands sent from the botnet operator.
An unsealed criminal complaint by the US Justice Department has charged Levashov with wire fraud and unauthorized interception of electronic communications.
Image credit: Flickr.