United States Department Of Justice Seeks To Dismantle Massive Kelihos Botnet, Files Complaint In Federal District Court

King & Spalding

The United States Department of Justice (“DOJ”) recently announced that it would be undertaking an “extensive effort to disrupt and dismantle the Kelihos botnet – a global network of tens of thousands of infected computers under the control of a cybercriminal that [were] used to facilitate malicious activities including harvesting login credentials, distributing hundreds of millions of spam e-mails, and installing ransomware and other malicious software.” 

The DOJ is targeting an ongoing international scheme, seeking to protect American citizens and to find and combat cybercrime wherever in the world such threats are located. According to Acting U.S. Assistant Attorney General Kenneth A. Blanco: “The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives.”

In connection with its efforts to dismantle the Kelihos operation, the government filed a complaint in the United States District Court for the District of Alaska against defendant Peter Yuryevich Levashov, seeking to enjoin him from engaging in wire fraud and unauthorized interception of electronic communications. Levashov has allegedly operated the Kelihos botnet since approximately 2010, targeting computers running Microsoft Windows operating systems. The computers infected with the malware were then allegedly funneled into the Kelihos network, becoming “part of a network of compromised computers known as a botnet and [that] were controlled remotely through a decentralized command and control system,” allowing Kelihos to operate behind the scenes, undetected, on victims’ computers. Essentially, the computers infected with malware allegedly became part of a sophisticated network under the control of a criminal operator who could “weaponize” the network to do his bidding.

The government further announced that on April 8, 2017, it began the far-reaching and difficult process of “blocking malicious domains associated with the Kelihos botnet to prohibit further infections.” In connection with that effort, the government obtained court orders from the U.S. District Court for the District of Alaska to facilitate neutralization of the botnet by (1) establishing substitute servers so that infected computers cannot communicate with the criminal operator, and (2) blocking any attempt by the criminal operator to re-establish control of previously infected computers.

Peter Yuryevich Levashov, the 36-year-old Russian man named as defendant by the government in the civil complaint, was taken into custody earlier this month while vacationing in Barcelona, Spain.  The pending criminal investigation against Levashov remains under seal.

The government stated that it has shared and will continue to share samples of the Kelihos malware with the Internet security community so that antivirus vendors can update their programs to detect and remove Kelihos.

 
