
On April 10, 2017, the Department of Justice announced a massive law enforcement operation that aimed to eliminate the Kelihos botnet. The operation involved US law enforcement agencies and “foreign” partners, according to the press release. A Pen Register Trap and Trace Order, signed by a United States Magistrate Judge, allowed the FBI to sinkhole the botnet. On April 21, a federal grand jury in Bridgeport, Connecticut, formally charged the creator of the botnet.

Peter Yuryevich Levashov, a 32-year-old Russian national, was the focus of an international investigation. Now, after only a short period of time, a grand jury has returned an indictment that charged Levashov with seven unique crimes: one count of aggravated identity theft; one count of threatening to cause damage to a computer; one count of causing intentional damage to a computer; one count of accessing computers for fraudulent purposes; one count of wire fraud; one count of conspiracy; and two counts of email fraud.

Upon the news of a newly filed warrant from the District of Connecticut, on March 24, authorities in Barcelona arrested Levashov. The 32-year-old, also known as Petr Levashov, Peter Severa, Petr Severa and Sergey Astakhov, lived in Russia at the time of his arrest. The Department of Justice is still fighting for extradition of the Russian national. The US has a long history of fighting for extradition of hackers or alleged computer criminals.

Levashov, according to the Criminal Complaint, had run the botnet since 2010. Researchers first found the Kelihos botnet in December 2010, but there was doubt as to whether Kelihos was a unique botnet or a rebranding of the Storm and Waledac botnets. Even in 2010, the botnet could send out billions of spam emails every day. Even Microsoft helped fight the first iteration of the Kelihos botnet. The company filed complaints against 20 or more individuals, but ultimately withdrew the complaints.

Researchers discovered a second iteration of the botnet in 2012. Several private firms sinkholed the botnet. Law enforcement used the same tactic on this renewed version too. The jury is still out, however, when it comes to the botnet’s origin. Some believe that the most recent version of the Kelihos botnet came from the skeleton of its predecessor. Others believe the network is brand new.

Regardless, law enforcement targeted the Kelihos botnet for the same reasons each time, sometimes to a different degree than others, but the point remains. Levashov used the botnet to intercept internet traffic so that he could harvest relevant credentials. The botnet had its greatest impact, though, through one of the largest email advertising scams. At the minimum, the Kelihos botnet distributed a massive number of unsolicited spam emails. The emails promoted various scams that seemed legitimate, generated interest in the stock value of value companies, and promoted online counterfeit pharmacies.

He installed additional malware on a smaller number of computers, the documents explained. The malware specifically targeted banking passwords or took the form of ransomware.

No further information has been released at this time. Levashov, as of the date of this article, is still in Spain.
