Ruslan Grumble - Fotolia
The botnet of tens of thousands of infected computers allegedly under the control of Russian Pyotr Levashov was used for malicious activities, including harvesting log-in credentials, distributing hundreds of millions of spam emails and installing ransomware and other malicious software.
The disruption and takedown of the botnet follows two previous attempts in September 2011 and March 2012 by private industry groups.
Levashov was arrested in Spain under a US international arrest warrant and is also suspected of being involved in hacking attacks linked to alleged interference in the 2016 US presidential election by hacking Democratic Party emails, according to Reuters.
But the AFP news agency has quoted a source in Washington as saying that Levashov’s detention “not tied to anything involving allegations of Russian interference with the US election”.
The US does not have an extradition agreement with Russia and typically waits for suspected Russian criminals to travel to countries where US extradition agreements exist to issue arrest warrants.
A Spanish court will hear whether Levashov can be extradited to the US for trial, reports the BBC.
A previously sealed search warrant application reveals that US prosecutors tied Levashov to Kelihos because he used the same IP address to operate Kelihos and to access his firstname.lastname@example.org e-mail account. Levashov is believed to have operated Kelihos since 2010.
The e-mail address and IP addresses were also associated with multiple online accounts in Levashov’s name, including Apple iCloud and Google Gmail accounts.
A previously sealed criminal complaint against Levashov also reveals that he has been charged with fraud and unauthorised interception of electronic communications.
Read more about botnets
- RSA Conference 2017 was full of talk about future IoT attacks, but Intel Security’s Christopher Young said the Mirai botnet is still an enormous threat and demonstrated why that is.
- A researcher is urging the security community to consider the implications of massive botnets of fake Twitter accounts.
- In this episode of SearchSecurity’s Risk & Repeat podcast, editors discuss the newest developments around IoT botnets and the threats they pose to users, devices and enterprises.
Levashov reportedly used the aliases Peter Severa and Peter of the North and, according to investigative security journalist Brian Krebs, “there is ample evidence” that he is also the cyber criminal behind the Waledac spam botnet.
In 2009, Levashov was charged with operating the notorious “Storm” botnet, Kelihos’ predecessor. According to anti-spam organisation Spamhaus, Levashov is listed as one of the World’s 10 Worst Spammers and “one of the longest operating criminal spam-lords on the internet”.
“The ability of botnets such as Kelihos to be weaponised quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living and live our everyday lives,” said acting assistant attorney general Kenneth Blanco.
“Our success in disrupting the Kelihos botnet was the result of strong co-operation between private industry experts and law enforcement, and the use of innovative legal and technical tactics,” he said.