The US Department of Justice yesterday revealed that one of the leading email spammers has been apprehended as part of an operation to disrupt and take down the infamous Kelihos botnet.

The Kelihos botnet is a network of tens of thousands of compromised computers used to run massive spam campaigns of millions of emails. Those spam emails serve a range of illegal purposes, including the distribution of ransomware and other malware. The botnet has been widely used to push fake antivirus software and spread credential-stealing malware.

Computers are added to the Kelihos botnet by infecting them with malware. Once installed, the Kelihos malware runs silently, and users are unaware that their computers have been compromised. The botnet can be swiftly weaponized for a range of malicious purposes. On previous occasions it has been used for spam campaigns that artificially inflate stock prices, promote counterfeit drugs and recruit people for fraudulent work-at-home schemes.

Pyotr Levashov is thought to be the main operator of the botnet and to have conducted a wide range of other cybercriminal activities out of Russia. In what turned out to be an ill-advised move, Levashov left the relative safety of his home country and travelled to Barcelona, Spain on holiday. He was arrested on Sunday, April 9 by Spanish authorities acting on a U.S.-issued international arrest warrant.

Although Levashov is best known for his spamming, click fraud and DDoS attacks, he is also thought to have played a major role in the alleged Russian interference in the 2016 U.S. presidential election.

Levashov, also known as Peter Severa, is heavily involved in distributing virus-spamming software and is believed to have developed numerous viruses and Trojans. Spamhaus ranks Levashov seventh on its list of the 10 worst spammers.

Levashov is thought to have been responsible for multiple operations that connected virus developers with spamming networks, and is also a main suspect in the running of the Kelihos botnet, the Waledac botnet – which was shut down in 2010 – and the Storm botnet. Levashov was convicted for his role in the latter in 2009, although he managed to prevent his extradition to the United States. At the time, Storm was the largest spamming botnet in operation and was used to send millions of emails every day. Levashov also moderates a number of spamming forums and is a well-known figure in those circles. He is thought to have been extensively involved in spamming and other cybercriminal activities for the past 20 years, although to date he has not had to answer for his crimes.

A statement issued by the U.S. Department of Justice states: “The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent e-mails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks.”

The DOJ operation also included the takedown of domains linked to the Kelihos botnet, beginning on April 8, 2017. The DOJ says closing down those domains was “an extraordinary task.”

While it is obviously good news that such a high-profile and prolific spammer has been caught and the Kelihos botnet has been severely disrupted, other spammers are likely to replace Levashov soon. Vitali Kremez, director of research at Flashpoint, said his firm had seen chatter on underground forums suggesting that well-known spammers are responding to news of the arrest by taking action to safeguard their own operations. There may be a temporary dip in email spam volume, but that blip is likely to be short-lived.