Kelihos botnet operator jailed for account theft, ID trading in the Dark Web

Prosecutors say the man lived comfortably by selling stolen credentials harvested through the botnet's activities.
Written by Charlie Osborne, Contributing Writer

A Russian man has pleaded guilty to running the Kelihos botnet, which was used to facilitate a massive spam and credential-harvesting operation worldwide.

On Wednesday, US law enforcement said that Peter Yuryevich Levashov, of St. Petersburg, Russia, pleaded guilty in a Connecticut US District Court to operating the botnet, as well as a wealth of other cybercriminal activities.

Botnets are networks of PCs and Internet-connected devices that have been taken over through malware infections and hijacking. These compromised networks can be used to perform Distributed Denial-of-Service (DDoS) attacks against online services, as well as to facilitate massive spam campaigns.

The 38-year-old programmer has operated multiple botnets since the 1990s, including Kelihos, Storm, and Waledac. However, the charges relate to Kelihos, which was used to distribute bulk spam messages and malware including banking Trojans and ransomware.

The malware and fraudulent emails sent through the botnet focused on the theft of online credentials. When victims fell prey to phishing, malware payloads were deployed or fraudulent websites were used to steal credentials.

Stolen IDs, account details, and credit cards were then traded on the Dark Web.


The average credit card number may only fetch $12 in underground forums but the wealth Levashov managed to gain through his criminal enterprises allowed him to live "comfortably," according to law enforcement, while his victims dealt with the aftermath of having their financial details compromised.

The man has previously been called one of the world's most notorious criminal spammers. However, it wasn't just the Russian national that profited from Kelihos -- as he also offered the network to other criminals for rental.

It is believed that Kelihos alone was able to infect at least 50,000 PCs.

Levashov was arrested in Barcelona in 2017, based upon an international arrest warrant issued in Connecticut. Spanish authorities then extradited the Russian man on the United States' request.


Levashov pleaded guilty to one count of causing intentional damage to a protected computer, one count of conspiracy, one count of wire fraud and one count of aggravated identity theft.

Sentencing is scheduled for September 6 next year and Levashov will remain detained until this date.


"For over two decades, Peter Levashov operated botnets which enabled him to harvest personal information from infected computers, disseminate spam, and distribute malware used to facilitate multiple scams," said Assistant Attorney General Benczkowski. "We are grateful to Spanish authorities for his previous arrest and extradition."

The US Department of Justice (DoJ) has since dismantled the botnet. Working with cybersecurity experts, the DoJ sinkholed the botnet last year by diverting traffic from its malicious domains -- gorodkoff.com, goloduha.info, and combach.com -- to servers controlled by authorities.
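The sinkholing described above works by answering DNS queries for the botnet's domains with an address the defenders control, which both cuts the bots off from their operator and reveals which hosts are infected, because every machine that still asks for those names is a machine that needs cleaning. The following is an added illustration of that logic, not code from the article, the DoJ, or the researchers involved. It reuses the three domain names the article lists; the sinkhole address (192.0.2.10), the upstream answers, the client addresses and the query log lines are all constructed for this example and drawn from the RFC 5737 documentation ranges.

```python
# Added illustration of DNS sinkholing with infected-host detection.
# Not code from the article or the DoJ; all addresses and log lines are constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Domains named in the article as diverted to sinkhole servers.
SINKHOLED_DOMAINS = {"gorodkoff.com", "goloduha.info", "combach.com"}
# Constructed placeholder (RFC 5737 documentation range), not a real sinkhole address.
SINKHOLE_IP = "192.0.2.10"


def is_sinkholed(qname: str, domains: Set[str] = SINKHOLED_DOMAINS) -> bool:
    """True if qname is a sinkholed domain or any subdomain of one.

    Matching on the label boundary ('.' + domain) avoids false positives such as
    'notcombach.com' matching 'combach.com'. A trailing dot (FQDN form) is tolerated.
    """
    name = qname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


@dataclass
class Sinkhole:
    """A resolver policy that redirects listed names and records who asked for them."""
    sinkhole_ip: str = SINKHOLE_IP
    domains: Set[str] = field(default_factory=lambda: set(SINKHOLED_DOMAINS))
    # client IP -> sinkholed names it queried; these are the hosts to remediate
    suspected_hosts: Dict[str, Set[str]] = field(default_factory=dict)

    def resolve(self, client_ip: str, qname: str, upstream_answer: str) -> str:
        """Return the sinkhole address for listed names, else the upstream answer."""
        if is_sinkholed(qname, self.domains):
            canonical = qname.lower().rstrip(".")
            self.suspected_hosts.setdefault(client_ip, set()).add(canonical)
            return self.sinkhole_ip
        return upstream_answer


def process_query_log(lines: List[str], sinkhole: Sinkhole) -> Dict[str, str]:
    """Replay constructed 'client qname upstream_answer' lines through the policy.

    Returns the answer that each queried name would receive. Malformed lines are
    skipped rather than allowed to abort processing of the rest of the log.
    """
    answers: Dict[str, str] = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        client, qname, upstream = parts
        answers[qname] = sinkhole.resolve(client, qname, upstream)
    return answers


# Constructed sample log: two hosts still beaconing to botnet domains, one clean host,
# one FQDN-form query, and one malformed line.
SAMPLE_LOG = [
    "10.0.0.5 gorodkoff.com 198.51.100.7",
    "10.0.0.5 cdn.combach.com 198.51.100.8",
    "10.0.0.9 example.org 203.0.113.5",
    "10.0.0.12 goloduha.info. 198.51.100.9",
    "garbage line",
]

if __name__ == "__main__":
    policy = Sinkhole()
    for name, answer in process_query_log(SAMPLE_LOG, policy).items():
        print(f"{name:20s} -> {answer}")
    print("hosts to remediate:", sorted(policy.suspected_hosts))
```

The `suspected_hosts` map is the defender's payoff from a sinkhole: after the takeover, the authorities' servers see the source address of every bot that still checks in, which is how victim notification and cleanup can be driven from the operation.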
