U.S. Authorities Begin To Dismantle The Kelihos Botnet

U.S. authorities have started to dismantle the massive Kelihos botnet after the arrest of the Russian hacker Pyotr Levashov a/k/a Severa in Spain. The U.S. Justice Department has come out with a statement, announcing that the effort to take down Kelihos has already been launched.

The Kelihos botnet has been used to distribute hundreds of millions of spam emails each year. Kelihos is a global network of infected computers running the Windows operating system. Since at least 2010, these machines have been used in spam attacks that advertise counterfeit drugs and various fraud schemes, and to infect devices with various types of malware.

The mastermind behind the Kelihos botnet is said to be the Russian citizen Pyotr Levashov, who was arrested in Spain two weeks ago. According to the complaint that was filed in a federal court, Levashov is a notorious cyber-criminal who was first indicted for wire and email fraud more than a decade ago. Severa, the pseudonym that Levashov goes by, is currently ranked seventh in the World's Ten Worst Spammers list compiled by the spam-tracking group Spamhaus.

Kenneth Blanco, Acting Assistant Attorney General, stated that: "The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent e-mails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks. The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives."

FBI Special Agent in Charge Ritzman said that the operation against the Kelihos botnet began on April 8, when authorities started blocking malicious domains associated with the botnet in order to prevent further infections coming from it.

The Justice Department announcement also revealed that: "The warrant obtained by the government authorizes law enforcement to redirect Kelihos-infected computers to a substitute server and to record the Internet Protocol addresses of those computers as they connect to the server. This will enable the government to provide the IP addresses of Kelihos victims to those who can assist with removing the Kelihos malware including internet service providers."

Although the operation is probably still underway, we can be pretty sure that the Kelihos botnet is officially done.
