Feds Dismantle Kelihos as Alleged Kingpin Arrested


The US authorities have started to dismantle the notorious Kelihos botnet after its alleged mastermind was arrested in Spain on Friday.

Pyotr Levashov, a 36-year-old Russian, was cuffed in Barcelona following a joint operation between Spanish and US law enforcers.

He’s said to have controlled Kelihos since 2010; before that, he was indicted for running its precursor, the Storm botnet.

Kelihos is responsible for spamming users with hundreds of millions of unsolicited emails – facilitating pump-and-dump schemes, advertising fake drugs and other fraud – as well as installing ransomware, banking malware and other malicious code.

Kelihos is designed to operate silently on the victim’s machine, harvesting usernames and passwords and intercepting network traffic, according to the Department of Justice.

The US authorities have sought to liberate unsuspecting victims from the botnet by: “(1) establishing substitute servers that receive the automated requests for instructions so that infected computers no longer communicate with the criminal operator and (2) blocking any commands sent from the criminal operator attempting to regain control of the infected computers.”

The government will record the IP addresses of those victims and pass them on to ISPs and other parties who can help with removing the Kelihos malware.
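The two mechanics described above, a substitute server that answers beacons with nothing to do while refusing operator traffic, and a victim list handed to ISPs for cleanup, are illustrated in the following added example. This is not code from the Kelihos takedown or from the Department of Justice; the beacon line format, the operator address list and the IP-prefix-to-ISP mapping are all constructed placeholders standing in for the real protocol, the investigation’s findings and a WHOIS/ASN lookup.

```python
"""Minimal sinkhole bookkeeping: record beaconing victims, answer with no
instructions, and produce a per-ISP report for whoever does the cleanup.
Illustrative only; the beacon format and ISP mapping are constructed."""
from collections import defaultdict
from dataclasses import dataclass, field
import ipaddress

# Constructed beacon lines: "<timestamp> <src_ip> <msg_type>".
# Addresses are from the documentation ranges (RFC 5737).
SAMPLE_BEACONS = """\
2017-04-10T08:00:01Z 203.0.113.7 get_instructions
2017-04-10T08:00:02Z 198.51.100.23 get_instructions
2017-04-10T08:05:10Z 203.0.113.7 get_instructions
2017-04-10T08:06:00Z 192.0.2.99 push_command
2017-04-10T08:07:30Z 198.51.100.23 get_instructions
"""

# Assumption: addresses the operator is known to control. In practice this
# comes from the investigation, not from the beacon traffic itself.
OPERATOR_ADDRESSES = {"192.0.2.99"}

# Constructed prefix -> ISP mapping standing in for a WHOIS/ASN lookup.
ISP_PREFIXES = {
    ipaddress.ip_network("203.0.113.0/24"): "ExampleNet",
    ipaddress.ip_network("198.51.100.0/24"): "DocuCable",
}


@dataclass
class VictimRecord:
    first_seen: str
    last_seen: str
    beacons: int = 0


@dataclass
class Sinkhole:
    victims: dict = field(default_factory=dict)
    blocked_commands: int = 0

    def handle(self, line):
        """Process one beacon line; return the reply the bot would get."""
        ts, src_ip, msg_type = line.split()
        # Anything that looks like the operator trying to regain control is
        # dropped and never relayed to the infected hosts.
        if src_ip in OPERATOR_ADDRESSES or msg_type == "push_command":
            self.blocked_commands += 1
            return None
        rec = self.victims.get(src_ip)
        if rec is None:
            self.victims[src_ip] = VictimRecord(ts, ts, 1)
        else:
            rec.last_seen = ts
            rec.beacons += 1
        # The substitute server answers every request with an empty task
        # list, so the bot idles instead of fetching the operator's next job.
        return {"tasks": []}

    def isp_report(self):
        """Group victims by ISP so each provider gets only its own customers."""
        report = defaultdict(list)
        for ip, rec in self.victims.items():
            addr = ipaddress.ip_address(ip)
            isp = next((name for net, name in ISP_PREFIXES.items()
                        if addr in net), "unknown")
            report[isp].append((ip, rec.first_seen, rec.last_seen, rec.beacons))
        return dict(report)


def run_sample():
    """Feed the constructed beacons through a fresh sinkhole."""
    sh = Sinkhole()
    for line in SAMPLE_BEACONS.splitlines():
        sh.handle(line)
    return sh


if __name__ == "__main__":
    sh = run_sample()
    print(f"victims={len(sh.victims)} blocked={sh.blocked_commands}")
    for isp, rows in sh.isp_report().items():
        print(isp, rows)
```

The important design point is that the sinkhole only ever records and replies with an empty task list; it never forwards, stores or re-issues anything that resembles a command, which is what keeps the infected machines inert until the ISP notification reaches them.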

“The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent e-mails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks”, said acting assistant attorney general Kenneth Blanco. 

“The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living and live our everyday lives. Our success in disrupting the Kelihos botnet was the result of strong cooperation between private industry experts and law enforcement, and the use of innovative legal and technical tactics.”

This isn’t the first time the Kelihos botnet has been threatened. In 2011 Microsoft claimed victory in taking it offline, but it was back up and running within a year.
