FBI Kills Kelihos Botnet after Russian Hacker Arrested in Spain

Earlier this week, Spanish authorities arrested a Russian hacker and “one of the world’s most notorious criminal spammers,” Peter Yuryevich Levashov (Severa), in Spain. Now the Feds are working on dismantling the Kelihos botnet that Severa used to conduct his large-scale cyber crimes.

According to a press release from the Department of Justice, an extensive effort is under way to disrupt and dismantle the Kelihos botnet. Kenneth A. Blanco, Acting Assistant Attorney General of the Justice Department’s Criminal Division, said that “The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent e-mails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks. The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives.”

He further added that “Our success in disrupting the Kelihos botnet was the result of strong cooperation between private industry experts and law enforcement, and the use of innovative legal and technical tactics. The Department of Justice is committed to combatting cybercrime, no matter the size or sophistication of the scheme, and to punish those who are engaged in such crimes.”

The Kelihos botnet, also known as Hlux, was first discovered around December 2010. It infected Windows devices and made them part of its operations, including distributed denial-of-service (DDoS) attacks and email spam, while an updated version added the ability to steal Bitcoin wallets and mine bitcoins on infected devices. The botnet was also used to spread malicious links to users and infect them with malware. Moreover, its later versions also targeted users on social media websites including Twitter and Facebook.

Killing one of the world’s most sophisticated botnets is not a piece of cake, so it may take some time for the authorities to announce the final word, but since the announcement was made yesterday we are positive that Kelihos is by now history.

The arrest of Severa is a massive success for the US authorities in their war against Russian hackers and cyber criminals, since both countries have been in a cyber war against each other for years. The United States has even accused Russia of hacking its 2017 elections, while its Fancy Bears hackers are being a pain in the ass for Olympians worldwide after the cyber attacks on the World Anti-Doping Agency (WADA) and the International Association of Athletics Federations (IAAF).

Here is a DEF CON 21 presentation from Tillmann Werner, a botnet specialist.

