US dismantles Kelihos botnet after Russian hacker's arrest

Peter Levashov has been accused of running the Kelihos botnet, according to the U.S.

The arrest last week of a Russian man in Spain was apparently for his role in a massive spam botnet and not related to an ongoing investigation into foreign tampering with last year's U.S. election.

The botnet, called Kelihos, has enslaved hundreds of thousands of computers, and distributed spam and malware to users across the globe. However, the U.S. has taken action to dismantle the illegal operation, the Department of Justice said on Monday.

The arrest of 36-year-old Peter Yuryevich Levashov, the botnet's alleged operator, was at first thought to be related to the ongoing U.S. investigation of presidential election-related hacking, but the DOJ said on Monday that wasn't the case.

It didn't however reveal the charges against Levashov because the case remains under seal, but offered reporters documents that showed U.S. investigators obtained court orders to stop Levashov from controlling his botnet, which he had allegedly ran since 2010.

Levashov has been accused of infecting Windows PCs with malware to form a botnet, or a network of enslaved computers. Once enslaved, Levashov turned the PC into a mail server without the victim’s knowledge, the U.S. government claimed.

The Kelihos botnet has been found distributing hundreds of millions of spam emails, many of which were advertising counterfeit drugs, promoting penny stocks and work-at-home scams.

He was also suspected of using his botnet to distribute malware, including ransomware, which can hold an infected PC hostage, encrypting the data stored inside unless the owner pays a ransom.

Levashov harvested login credentials from infected PCs too. This was done to break into the users’ online bank accounts or to sneak into the victim’s email accounts to send out more spam. He had even helped other cybercriminals distribute malware in exchange for payment, U.S. investigators claim.

In building its case against Levashov, the FBI noticed that one of the botnet’s servers was constantly logging into an email account at mail.ru. That account was registered to a “Pete Levashov,” and was also associated with an Apple iCloud account under a similar name, according to an FBI filed court document.

To dismantle the Kelihos botnet, the U.S. is essentially severing the link between Levashov and his computers. It’s obtained a court order to redirect internet traffic from Kelihos-infected machines to a dummy server under the investigators’ control.

The FBI estimates the Kelihos botnet has between 25,000 and 100,000 computers currently under its control. About 5 to 10 percent reside in the U.S.

However, the U.S. steps to dismantle Kelihos should disrupt most of the botnet’s activities over the next few days, a Department of Justice official said.

Users can use free antivirus tools such as Microsoft Safety Scanner to clear Kelihos-related malware from their PCs. Internet service providers will also be told which IP addresses have been found supporting the botnet's activities.

Although the dismantling should be a major blow to Kelihos, the Justice Department hasn't said if others might have been involved in the botnet's activities.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?