April 11, 2017

US Feds Start Dismantling Destructive Spam Botnet Kelihos

The US Department of Justice has announced the launch of an extensive effort to put an end to the Kelihos botnet, a global network of over 10,000 infected computers that has been delivering spam and ransomware and other malware since 2010.

A day after authorities in Spain arrested Pyotr Levashov, the alleged programmer, operator, and kingpin behind the Kelihos malware, the US Justice Department announced plans to take down the botnet.

Levashov, a Russian national who was arrested in Spain over the weekend, is now in custody in a country that has an extradition treaty with the US, unlike Russia. Prosecutors have linked Levashov to the Kelihos botnet after an unsealed search warrant application revealed he used the same IP address to operate the botnet and his .ru email account. Levashov’s Apple iCloud and Gmail accounts are also associated with the same IP address.

“The Kelihos malware harvested user credentials by searching infected computers for usernames and passwords and by intercepting network traffic,” an announcement by the Justice Department read. “Levashov allegedly used the information gained from this credential harvesting operation to further his illegal spamming operation which he advertised on various online criminal forums.”

Authorities allege that Levashov used a botnet to facilitate a spamming operation that pushed hundreds of millions of emails every year that advertised the likes of counterfeit drugs and stock scams. More notably, prosecutors have accused Levashov of installing malware on targeted end-user computers to harvest passwords of thousands of Americans’ online and financial accounts.

“On April 8, 2017, we started the extraordinary task of blocking malicious domains associated with the Kelihos botnet to prohibit further infections,” stated FBI Special Agent in Charge Marlin Ritzman.

As a means of liberating victims’ computers, the Feds obtained court orders authorizing steps to neutralize the Kelihos botnet, including installing substitute servers and blocking commands sent from the botnet operator.

An unsealed criminal complaint by the US Justice Department has charged Levashov with wire fraud and unauthorized interception of electronic communications.

Image credit: Flickr.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
