The actions against Kelihos began a few days ago

Apr 11, 2017 00:41 GMT

Now that Russian hacker Pyotr Levashov, also known as Severa, has been arrested in Spain, the US authorities are trying to dismantle his massive botnet, which was used to send hundreds of millions of spam emails every year.

According to a statement from the US Justice Department, an effort to take down the Kelihos botnet has been launched. Kelihos is a global network of infected Windows computers that was used to carry out spam campaigns advertising various fraud schemes and counterfeit drugs, but also to harvest passwords and infect devices with malware.

The announcement comes after news of Levashov's arrest reached all corners of the world. Severa has allegedly been operating the botnet since 2010. In fact, he currently ranks seventh on the World's Ten Worst Spammers list compiled by Spamhaus, a spam-tracking group.

"The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent e-mails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks. The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives," said Acting Assistant Attorney General Kenneth Blanco.

He adds that the success in disrupting Kelihos was the result of strong cooperation between private industry experts and law enforcement, as well as the use of "innovative legal and technical tactics."

Acting US Attorney Bryan Schroder for the District of Alaska added that cybercrime was a worldwide problem, but one that infects its victims directly through the computers and personal electronic devices that we use every day.

Ongoing operation

According to FBI Special Agent in Charge Ritzman, the operation against Kelihos began on April 8, when investigators started blocking malicious domains associated with the botnet to prevent further infections.

"The warrant obtained by the government authorizes law enforcement to redirect Kelihos-infected computers to a substitute server and to record the Internet Protocol addresses of those computers as they connect to the server. This will enable the government to provide the IP addresses of Kelihos victims to those who can assist with removing the Kelihos malware including internet service providers," the filing further reveals.

It's going to take a little while, but we can probably assume that Kelihos is officially done.