Federal prosecutors say they’ve dealt a fatal blow to Kelihos, a network of more than 10,000 infected computers that was used to deliver spam, steal login passwords, and deliver ransomware and other types of malware since 2010.
The US Justice Department announced the takedown on Monday, one day after authorities in Spain reportedly arrested alleged Kelihos operator Pyotr Levashov, according to Reuters. The programmer and alleged botnet kingpin was apprehended after traveling with his family from their home in Russia, which doesn’t have an extradition treaty with the US, to Spain, which does have such a treaty. A search warrant application unsealed Monday said prosecutors tied Levashov to Kelihos because he used the same IP address to operate Kelihos and to access his pete777@mail.ru e-mail account. The e-mail address and IP addresses were also associated with multiple online accounts in Levashov’s name, including Apple iCloud and Google Gmail accounts.
On Monday, US officials also unsealed a criminal complaint against Levashov that charged him with wire fraud and unauthorized interception of electronic communications. Levashov has allegedly operated Kelihos since 2010. According to authorities, he used the botnet to further a spamming operation that distributed hundreds of millions of e-mails per year pushing counterfeit drugs, work-at-home, and pump-and-dump stock scams. Prosecutors also alleged the defendant used Kelihos to install malware on end-user computers and to harvest passwords to online and financial accounts belonging to thousands of Americans.