US dismantles Kelihos botnet after Russian hacker's arrest

Peter Levashov has been accused of running the Kelihos botnet, according to the U.S.

The arrest last week of a Russian man in Spain was apparently for his role in a massive spam botnet and not related to an ongoing investigation into foreign tampering with last year's U.S. election.

The botnet, called Kelihos, has enslaved hundreds of thousands of computers, and distributed spam and malware to users across the globe. However, the U.S. has taken action to dismantle the illegal operation, the Department of Justice said on Monday.

The arrest of 36-year-old Peter Yuryevich Levashov, the botnet's alleged operator, was at first thought to be related to the ongoing U.S. investigation of presidential election-related hacking, but the DOJ said on Monday that wasn't the case.

The DOJ didn't, however, reveal the charges against Levashov because the case remains under seal, but it offered reporters documents showing that U.S. investigators obtained court orders to stop Levashov from controlling his botnet, which he had allegedly run since 2010.

Levashov has been accused of infecting Windows PCs with malware to form a botnet, or a network of enslaved computers. Once a PC was enslaved, Levashov turned it into a mail server without the victim’s knowledge, the U.S. government claimed.

The Kelihos botnet has been found distributing hundreds of millions of spam emails, many of which were advertising counterfeit drugs, promoting penny stocks and work-at-home scams.

He was also suspected of using his botnet to distribute malware, including ransomware, which can hold an infected PC hostage, encrypting the data stored inside unless the owner pays a ransom.

Levashov harvested login credentials from infected PCs too. This was done to break into the users’ online bank accounts or to sneak into the victims’ email accounts to send out more spam. He had even helped other cybercriminals distribute malware in exchange for payment, U.S. investigators claim.

In building its case against Levashov, the FBI noticed that one of the botnet’s servers was constantly logging into an email account at mail.ru. That account was registered to a “Pete Levashov,” and was also associated with an Apple iCloud account under a similar name, according to a court document filed by the FBI.

To dismantle the Kelihos botnet, the U.S. is essentially severing the link between Levashov and his computers. It has obtained a court order to redirect internet traffic from Kelihos-infected machines to a dummy server under the investigators’ control.

The FBI estimates the Kelihos botnet has between 25,000 and 100,000 computers currently under its control. About 5 to 10 percent reside in the U.S.

However, the U.S. steps to dismantle Kelihos should disrupt most of the botnet’s activities over the next few days, a Department of Justice official said.

Users can use free antivirus tools such as Microsoft Safety Scanner to clear Kelihos-related malware from their PCs. Internet service providers will also be told which IP addresses have been found supporting the botnet's activities.

Although the dismantling should be a major blow to Kelihos, the Justice Department hasn't said if others might have been involved in the botnet's activities.

Michael Kan

IDG News Service