it launched an effort to take down the giant Kelihos botnet, a global network of tens of thousands of infected computers, which it claimed was operated by a 36-year-old Russian national, Peter Yuryevich Levashov, who was arrested in Spain over the

spam emails, distributing ransomware and malware, harvesting usernames and passwords, and engaging in Bitcoin theft and spamming. The botnet at times grew to more than 100,000 simultaneously infected devices, which were used to carry out various spam campaigns, including pump-and-dump stock schemes.
promoting penny stocks and work-at-home scams. Levashov also harvested login credentials from infected PCs, using them to break into the users’ online bank accounts or into victims’ email accounts to send out more spam. He also helped other cybercriminals distribute malware in exchange for payment, U.S. investigators claim.

individual node to act as its own command-and-control server, and its malicious activity is thought to have affected five percent of all organisations across
the US Department of Justice has started blocking domains associated with the Kelihos botnet, one of the most prolific networks of hacker-controlled computer systems in the world. Kelihos has been infecting computers running Microsoft Corp’s Windows operating system since approximately 2010. Once a PC was enslaved, Levashov turned it into a mail server without the victim’s knowledge, the U.S. government claimed.

botnet’s servers was constantly logging into an email account at mail.ru. That account was registered to a “Pete Levashov” and was also associated with an Apple iCloud account under a similar name, according to an FBI-filed court

credential-harvesting operation to further his illegal spamming operation, which he advertised on various online criminal forums.

Like other botnets, Kelihos is designed to remain undetected
on the infected victim’s computer, enabling it to secretly receive instructions
for malicious activities and send data back to its operators.

case remains under seal, but offered reporters documents showing that U.S. investigators had obtained court orders to stop Levashov from controlling his

into custody in Spain over the weekend on a U.S. warrant. It was not known whether Levashov had an attorney.

In order to liberate victim computers, US authorities obtained court orders from the US District Court for the District of Alaska granting them permission to redirect traffic from Kelihos-infected computers to a substitute server run by the FBI (a sinkhole) and to record the IP addresses of the machines that attempt to connect to it, which is how the infected hosts are identified for cleanup.
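The sinkhole step described above, as an added example rather than anything from the article or from the FBI's own infrastructure: a small script that turns a sinkhole's connection log into the figures a takedown team actually needs, counting unique infected hosts rather than raw connections (a single bot reconnects many times), skipping malformed lines instead of guessing, and grouping the addresses by network so that each Internet service provider can be handed one batch. The log format, the hostnames and the IP addresses are all constructed sample data.

```python
"""Turn a sinkhole's connection log into an infected-host report.

Added example, not code from the article or from the FBI's actual sinkhole.
Assumed log format (constructed for this example): one line per inbound
connection, "<ISO-8601 UTC timestamp> <source IP> <hostname the bot asked for>".
All hostnames and addresses below are constructed sample data.
"""
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log. The same infected host reconnects repeatedly, so the
# raw line count overstates the botnet's size; one line is deliberately malformed.
SAMPLE_LOG = """\
2017-04-10T08:00:01Z 198.51.100.23 example-c2-a.invalid
2017-04-10T08:00:05Z 198.51.100.23 example-c2-a.invalid
2017-04-10T08:00:09Z 198.51.100.77 example-c2-b.invalid
2017-04-10T08:01:00Z 203.0.113.9 example-c2-a.invalid
2017-04-10T08:01:30Z 203.0.113.9 example-c2-b.invalid
2017-04-10T08:02:00Z not-an-ip example-c2-a.invalid
2017-04-10T08:02:15Z 198.51.100.23 example-c2-a.invalid
"""


def parse_records(text):
    """Yield (timestamp, source_ip, hostname) for each well-formed line.

    Malformed lines are skipped rather than guessed at: a sinkhole log is
    evidence, and a bad parse must not become a notified "infection".
    """
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts_raw, ip_raw, host = parts
        try:
            ip = str(ipaddress.ip_address(ip_raw))  # validates and normalises the text form
            ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        yield ts, ip, host


def infected_hosts(records):
    """Map each unique source IP to (first_seen, last_seen, connection_count)."""
    seen = {}
    for ts, ip, _host in records:
        first, last, count = seen.get(ip, (ts, ts, 0))
        seen[ip] = (min(first, ts), max(last, ts), count + 1)
    return seen


def connections_per_hostname(records):
    """Count connections by the hostname the bot tried to reach."""
    return Counter(host for _ts, _ip, host in records)


def notification_batches(ips, v4_prefix=24, v6_prefix=64):
    """Group infected IPs by network so each provider gets one batch per range."""
    batches = defaultdict(list)
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        plen = v4_prefix if addr.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        batches[str(net)].append(ip)
    return {net: sorted(addrs, key=ipaddress.ip_address) for net, addrs in batches.items()}


def build_report(text):
    """Full report: totals, per-hostname counts, and per-network batches."""
    records = list(parse_records(text))
    hosts = infected_hosts(records)
    return {
        "connections": len(records),
        "unique_infected": len(hosts),
        "by_hostname": dict(connections_per_hostname(records)),
        "batches": notification_batches(hosts),
    }


if __name__ == "__main__":
    report = build_report(SAMPLE_LOG)
    print(f"{report['connections']} connections from "
          f"{report['unique_infected']} unique infected hosts")
    for net, addrs in report["batches"].items():
        print(f"{net}: {', '.join(addrs)}")
```

On the constructed log the script reports six connections but only three unique infected hosts, which is the number that matters for sizing a botnet and for notifying providers; the malformed seventh line is dropped rather than counted.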

able to grow back with improvements that made it more resilient. In the most recent iterations, individual infected computers could update each other with new code directly, peer to peer, so simply taking down the few command servers was insufficient.

100,000 computers currently under its control. About 5 to 10 percent reside in

the Justice Department hasn’t said if others might have been involved in the

Scanner to clear Kelihos-related malware from their PCs. Internet service providers will also be told which IP addresses have been found supporting the

of an online persona known as Peter Severa, spent years listed as among the world’s 10 most prolific computer spammers by Spamhaus, a spam-tracking group.