A Russian man is under arrest in Spain and U.S. authorities are trying to dismantle a botnet he is accused of controlling.
Pyotr Levashov, also known as Severa, stands accused of running the Kelihos botnet since 2010. After his arrest, the U.S. Department of Justice (DoJ) is attempting to take down the botnet.
Kelihos is a global network of infected Windows computers used to carry spam attacks advertising various fraud schemes and counterfeit drugs, but also to harvest passwords and infect devices with malware.
The DoJ announcement comes after Levashov’s arrest. Severa is accused of operating the botnet since 2010.
“The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent emails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks. The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives,” said Acting Assistant Attorney General Kenneth Blanco.
The success in disrupting Kelihos was the result of strong cooperation between private industry experts and law enforcement, as well as the use of “innovative legal and technical tactics.”
Acting U.S. Attorney Bryan Schroder for the District of Alaska added cybercrime was a worldwide problem, but one that infects its victims directly through the computers and personal electronic devices that we use every day.
The operation against Khelios began on April 8 when they started blocking malicious domains associated with the botnet to prohibit further infections, said FBI Special Agent in Charge Marlin Ritzman.
“The warrant obtained by the government authorizes law enforcement to redirect Kelihos-infected computers to a substitute server and to record the Internet Protocol addresses of those computers as they connect to the server. This will enable the government to provide the IP addresses of Kelihos victims to those who can assist with removing the Kelihos malware including Internet service providers,” the file said.