Kelihos botnet downed after arrest of alleged kingpin

The US has led the takedown of the international botnet Kelihos after the arrest in Spain of the Russian believed to have operated the botnet since 2010

The US department of justice has announced the takedown of the Kelihos botnet a day after Spanish police arrested the alleged operator of the botnet in Barcelona.

The botnet of tens of thousands of infected computers allegedly under the control of Russian Pyotr Levashov was used for malicious activities, including harvesting log-in credentials, distributing hundreds of millions of spam emails and installing ransomware and other malicious software.

The disruption and takedown of the botnet follows two previous attempts in September 2011 and March 2012 by private industry groups.

Levashov was arrested in Spain under a US international arrest warrant and is also suspected of being involved in hacking attacks linked to alleged interference in the 2016 US presidential election by hacking Democratic Party emails, according to Reuters.

But the AFP news agency has quoted a source in Washington as saying that Levashov’s detention was “not tied to anything involving allegations of Russian interference with the US election”.

The US does not have an extradition agreement with Russia and typically waits for suspected Russian criminals to travel to countries where US extradition agreements exist to issue arrest warrants.

A Spanish court will hear whether Levashov can be extradited to the US for trial, reports the BBC.

A previously sealed search warrant application reveals that US prosecutors tied Levashov to Kelihos because he used the same IP address to operate Kelihos and to access his [email protected] e-mail account. Levashov is believed to have operated Kelihos since 2010.

The e-mail address and IP addresses were also associated with multiple online accounts in Levashov’s name, including Apple iCloud and Google Gmail accounts.

A previously sealed criminal complaint against Levashov also reveals that he has been charged with fraud and unauthorised interception of electronic communications.

Levashov reportedly used the aliases Peter Severa and Peter of the North and, according to investigative security journalist Brian Krebs, “there is ample evidence” that he is also the cyber criminal behind the Waledac spam botnet.

In 2009, Levashov was charged with operating the notorious “Storm” botnet, Kelihos’ predecessor. According to anti-spam organisation Spamhaus, Levashov is listed as one of the World’s 10 Worst Spammers and “one of the longest operating criminal spam-lords on the internet”.

“The ability of botnets such as Kelihos to be weaponised quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living and live our everyday lives,” said acting assistant attorney general Kenneth Blanco.

“Our success in disrupting the Kelihos botnet was the result of strong co-operation between private industry experts and law enforcement, and the use of innovative legal and technical tactics,” he said.