US dismantles Kelihos botnet after Russian hacker's arrest

Peter Levashov has been accused of running the Kelihos botnet, according to the U.S.

The arrest last week of a Russian man in Spain was apparently for his role in a massive spam botnet and not related to an ongoing investigation into foreign tampering with last year's U.S. election.

The botnet, called Kelihos, has enslaved hundreds of thousands of computers, and distributed spam and malware to users across the globe. However, the U.S. has taken action to dismantle the illegal operation, the Department of Justice said on Monday.

The arrest of 36-year-old Peter Yuryevich Levashov, the botnet's alleged operator, was at first thought to be related to the ongoing U.S. investigation of presidential election-related hacking, but the DOJ said on Monday that wasn't the case.

It did not, however, reveal the charges against Levashov because the case remains under seal, but it offered reporters documents showing that U.S. investigators obtained court orders to stop Levashov from controlling his botnet, which he had allegedly run since 2010.

Levashov has been accused of infecting Windows PCs with malware to form a botnet, or a network of enslaved computers. Once a PC was enslaved, Levashov turned it into a mail server without the victim’s knowledge, the U.S. government claimed.

The Kelihos botnet has been found distributing hundreds of millions of spam emails, many of which were advertising counterfeit drugs, promoting penny stocks and work-at-home scams.

He was also suspected of using his botnet to distribute malware, including ransomware, which can hold an infected PC hostage, encrypting the data stored inside unless the owner pays a ransom.

Levashov harvested login credentials from infected PCs too. This was done to break into the users’ online bank accounts or to sneak into the victim’s email accounts to send out more spam. He had even helped other cybercriminals distribute malware in exchange for payment, U.S. investigators claim.

In building its case against Levashov, the FBI noticed that one of the botnet’s servers was constantly logging into an email account at mail.ru. That account was registered to a “Pete Levashov,” and was also associated with an Apple iCloud account under a similar name, according to an FBI-filed court document.

To dismantle the Kelihos botnet, the U.S. is essentially severing the link between Levashov and his computers. It’s obtained a court order to redirect internet traffic from Kelihos-infected machines to a dummy server under the investigators’ control.

The FBI estimates the Kelihos botnet has between 25,000 and 100,000 computers currently under its control. About 5 to 10 percent reside in the U.S.

However, the U.S. steps to dismantle Kelihos should disrupt most of the botnet’s activities over the next few days, a Department of Justice official said.

Users can use free antivirus tools such as Microsoft Safety Scanner to clear Kelihos-related malware from their PCs. Internet service providers will also be told which IP addresses have been found supporting the botnet's activities.

Although the dismantling should be a major blow to Kelihos, the Justice Department hasn't said if others might have been involved in the botnet's activities.

Michael Kan

IDG News Service