
Feds make arrest in decade-long botnet probe


The Justice Department unsealed an indictment against Peter Yuryevich Levashov, an accused computer scammer who is charged with running spam botnets for more than a decade.

Levashov was arrested in Spain. It's not clear from the charging documents whether the U.S. had cooperation in his arrest from Russian authorities, and law enforcement officials involved with the case did not elaborate on how they snared the elusive suspect.

A representative from the Department of Justice did dispute European press reports, however, that suggested Levashov's arrest was linked to allegations of Russian influence on the 2016 U.S. elections.

Levashov, who has been charged twice previously in botnet cases, is alleged to be the controller of the Kelihos botnet, which at its peak ensnared more than 100,000 computers worldwide. Currently, the FBI alleges that between 25,000 and 100,000 computers are infected with Kelihos malware, a persistent, hard-to-detect program that traps victim computers in a web of spam distribution and surreptitious data collection. The FBI estimates that between 5 and 10 percent of the botnet's computers are in the U.S.

According to charging documents unsealed April 10, the Kelihos botnet allegedly was used to sell prescription pharmaceuticals, engage in "pump-and-dump" stock schemes, distribute ransomware and peddle money-laundering schemes. Levashov made money by renting his botnet to criminals who wanted reach and computing power for their phishing schemes and black-market activity. According to charging documents, the Kelihos botnet offered gray-market advertising services for $200 per million emails delivered, while charging $300 per million for dubious employment schemes and $500 per million for phishing email sends.

FBI agents connected Levashov to the Kelihos botnet by examining the trail of email address registrations, mobile phone information and IP data linked both to the botnet and to Levashov individually, including records from Apple's iCloud service, Google's Gmail and the social media network Foursquare.

The FBI relied on the recently amended Rule 41 in its investigation; the amended rule gives federal law enforcement enhanced authority to conduct surveillance on computers linked to a botnet or other suspected computer crime using a single warrant. However, a Justice Department official said on an April 10 call with reporters that this was done "out of an abundance of caution" and that law enforcement did not search the hard drives of computers that were caught up in the Kelihos botnet.

As a result of the probe, infected computers are being redirected to a server called a "sinkhole" that alerts the owners that their machines have been ensnared in a botnet and delivers antivirus and other security software designed to remove the Kelihos malware.

The Justice official said that investigators were seeing a decrease in the number of computers connected to the botnet, but it will be some time before the network is completely offline.
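The sinkhole described above gives investigators two things: a running count of hosts that still check in (the "decrease" the Justice official refers to) and a list of victims to notify. The script below, an added example that is not code from the article or from the Kelihos investigation, shows how that telemetry is typically processed on the defender's side. The log format, the domain names, the IP addresses and the `NOTIFY_RANGES` mapping of networks to abuse contacts are all constructed for illustration.

```python
"""Aggregate sinkhole check-in logs to estimate the number of still-infected
hosts per day and to group victims by the party that should notify them.

Added example for the sinkhole passage in the article; not code from the
article or the investigation. Log lines, domains, addresses and contacts are
constructed placeholders.
"""
from collections import defaultdict
from datetime import date
import ipaddress

# Constructed sinkhole hit lines: "<ISO timestamp> <source IP> <requested host>".
# Each line is one connection from an infected machine whose C2 lookup was
# redirected to the sinkhole.
SINKHOLE_LOG = """\
2017-04-10T08:01:12Z 203.0.113.7 c2-a.example.invalid
2017-04-10T08:01:15Z 203.0.113.7 c2-a.example.invalid
2017-04-10T09:30:44Z 198.51.100.23 c2-b.example.invalid
2017-04-10T11:02:03Z 192.0.2.99 c2-a.example.invalid
2017-04-11T02:15:00Z 203.0.113.7 c2-a.example.invalid
2017-04-11T05:40:19Z 198.51.100.23 c2-b.example.invalid
2017-04-12T07:00:01Z 198.51.100.23 c2-b.example.invalid
"""

# Hypothetical mapping of address ranges to whoever notifies the owners
# (an ISP abuse desk or a national CERT). Constructed for the example.
NOTIFY_RANGES = {
    ipaddress.ip_network("203.0.113.0/24"): "abuse@isp-a.example",
    ipaddress.ip_network("198.51.100.0/24"): "cert@country-b.example",
}


def parse_hits(log_text):
    """Yield (day, source_ip, host) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, src, host = parts
        try:
            ip = ipaddress.ip_address(src)
            day = date.fromisoformat(ts[:10])
        except ValueError:
            continue
        yield day, ip, host


def unique_hosts_per_day(log_text):
    """Count distinct infected IPs checking in per day.

    Repeated check-ins from one host are collapsed so a chatty bot does not
    inflate the estimate; the trend over days is what a takedown team watches.
    """
    seen = defaultdict(set)
    for day, ip, _ in parse_hits(log_text):
        seen[day].add(ip)
    return {day.isoformat(): len(ips) for day, ips in sorted(seen.items())}


def notification_batches(log_text):
    """Group infected IPs by the contact responsible for their address range.

    Addresses outside every known range land in an 'unassigned' bucket for
    manual lookup rather than being silently dropped.
    """
    batches = defaultdict(set)
    for _, ip, _ in parse_hits(log_text):
        owner = "unassigned"
        for net, contact in NOTIFY_RANGES.items():
            if ip in net:
                owner = contact
                break
        batches[owner].add(str(ip))
    return {owner: sorted(ips) for owner, ips in batches.items()}


if __name__ == "__main__":
    for day, n in unique_hosts_per_day(SINKHOLE_LOG).items():
        print(day, n)
    for owner, ips in notification_batches(SINKHOLE_LOG).items():
        print(owner, ips)
```

On the constructed log the per-day counts fall from 3 to 2 to 1, the kind of decline described above, and the three victims are split into two notification batches plus one unassigned address. In a real deployment the log would come from the sinkhole's DNS or HTTP front end and the range-to-contact table from WHOIS or a national CERT directory.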

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Connect with him on Twitter at @thisismaz.
