April 11, 2017

US Feds Start Dismantling Destructive Spam Botnet Kelihos

The US Department of Justice has announced the launch of an extensive effort to put an end to the Kelihos botnet, a global network of over 10,000 infected computers that has been delivering spam, ransomware and other malware since 2010.

A day after authorities in Spain arrested Pyotr Levashov, the alleged programmer, operator, and kingpin of the Kelihos malware, the US Justice Department has announced plans to take down the dreaded malware.

Levashov, a Russian national who was arrested in Spain over the weekend, is now in custody in a country that has an extradition treaty with the US, unlike Russia. Prosecutors have linked Levashov to the Kelihos botnet after an unsealed search warrant application revealed he used the same IP address to operate the botnet and his .ru email account. Levashov’s Apple iCloud and Gmail accounts are also associated with the same IP address.

“The Kelihos malware harvested user credentials by searching infected computers for usernames and passwords and by intercepting network traffic,” an announcement by the Justice Department read. “Levashov allegedly used the information gained from this credential harvesting operation to further his illegal spamming operation which he advertised on various online criminal forums.”

Authorities allege that Levashov used a botnet to facilitate a spamming operation that pushed hundreds of millions of emails every year that advertised the likes of counterfeit drugs and stock scams. More notably, prosecutors have accused Levashov of installing malware on targeted end-user computers to harvest passwords of thousands of Americans’ online and financial accounts.

“On April 8, 2017, we started the extraordinary task of blocking malicious domains associated with the Kelihos botnet to prohibit further infections,” stated FBI Special Agent in Charge Marlin Ritzman.

As a means of liberating victims’ computers, the Feds obtained court orders to take steps to neutralize the Kelihos botnet, which include installing substitute servers and blocking commands sent from the botnet operator.

An unsealed criminal complaint by the US Justice Department has charged Levashov with wire fraud and unauthorized interception of electronic communications.

Image credit: Flickr.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.