Feds make arrest in decade-long botnet probe

The Justice Department unsealed an indictment against Peter Yuryevich Levashov, an accused computer scammer who is charged with running spam botnets for more than a decade.

Levashov was arrested in Spain. It's not clear from the charging documents whether the U.S. had cooperation in his arrest from Russian authorities, and law enforcement officials involved with the case did not elaborate on how they snared the elusive suspect.

A representative from the Department of Justice did dispute European press reports, however, that suggested Levashov's arrest was linked to allegations of Russian influence on the 2016 U.S. elections.

Levashov, who has been charged twice previously in botnet cases, is alleged to be the controller of the Kelihos botnet, which at its most powerful ensnared more than 100,000 computers worldwide. Currently, the FBI alleges that between 25,000 and 100,000 computers are infected with Kelihos malware, a persistent, hard-to-detect program that traps victim computers in a web of spam distribution and surreptitious data collection. The FBI estimates that between 5 and 10 percent of the botnet's computers are in the U.S.

According to charging documents unsealed April 10, the Kelihos botnet allegedly was used to sell prescription pharmaceuticals, engage in "pump-and-dump" stock schemes, distribute ransomware and peddle money-laundering schemes. Levashov made money renting his botnet to criminals who wanted reach and computing power for their phishing schemes and black-market activity. According to the charging documents, the Kelihos botnet offered gray-market advertising services for $200 per million emails delivered, while charging $300 per million for dubious employment schemes and $500 per million for phishing email sends.

FBI agents connected Levashov to the Kelihos botnet by examining the trail of email address registrations, mobile phone information and IP data that are linked both to the botnet and to Levashov individually, including records from Apple's iCloud service, Google's Gmail and the social media network Foursquare.

The FBI used the modified Rule 41 in its investigation, which gives federal law enforcement enhanced authority to conduct surveillance, under a single warrant, on computers linked to a botnet or other suspected computer crime. However, a Justice Department official said on an April 10 call with reporters that this was done "out of an abundance of caution" and that law enforcement did not search the hard drives of computers that were caught up in the Kelihos botnet.

As a result of the probe, infected computers are being steered to a site called a "sinkhole" that alerts the owners that their machines have been ensnared in a botnet and delivers antivirus and other security software designed to remove the Kelihos malware.
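A sinkhole only helps an organization that notices its own machines talking to it. The following is an added example written for this article, not code from the FBI, the Justice Department or the Kelihos takedown: it scans DNS resolver log lines for clients whose queries either name a known bot domain or resolve to the sinkhole address, so a defender can find infected hosts to clean up. The sinkhole address, the domain names and the four-column log format are all constructed placeholders (RFC 5737 documentation addresses and `.invalid` names), not real Kelihos infrastructure.

```python
"""Flag hosts whose DNS traffic points at a botnet sinkhole (constructed example)."""
import ipaddress
import re
from collections import defaultdict

# Assumed sinkhole address and bot domains; placeholders, not real Kelihos indicators.
SINKHOLE_ADDRESSES = {"192.0.2.10"}
KNOWN_BOT_DOMAINS = {"example-bot-c2.invalid", "update-check.invalid"}

# Constructed resolver log: "<timestamp> <client-ip> <query-name> <answer-ip>".
SAMPLE_LOG = """\
2017-04-10T12:00:01Z 10.0.0.5 example-bot-c2.invalid 192.0.2.10
2017-04-10T12:00:02Z 10.0.0.7 www.example.com 198.51.100.20
2017-04-10T12:00:03Z 10.0.0.5 update-check.invalid 192.0.2.10
2017-04-10T12:00:04Z 10.0.0.9 update-check.invalid 192.0.2.10
2017-04-10T12:00:05Z 10.0.0.7 mail.example.com 198.51.100.21
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything unparsable."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    ts, client, qname, answer = match.groups()
    try:
        ipaddress.ip_address(client)   # both address fields must be real IPs
        ipaddress.ip_address(answer)
    except ValueError:
        return None
    return {"ts": ts, "client": client, "qname": qname.lower().rstrip("."), "answer": answer}


def find_sinkholed_hosts(log_text, sinkholes=SINKHOLE_ADDRESSES, domains=KNOWN_BOT_DOMAINS):
    """Map each client IP to the (timestamp, query) pairs that matched an indicator.

    A line matches if its answer is a sinkhole address or its query name is a
    known bot domain; matching on either catches hosts that cached the old
    answer as well as hosts that already receive the sinkhole's address.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["answer"] in sinkholes or rec["qname"] in domains:
            hits[rec["client"]].append((rec["ts"], rec["qname"]))
    return dict(hits)


def summarize(hits):
    """Render one report line per infected host, ordered by match count then IP."""
    ordered = sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [f"{client}: {len(events)} sinkhole lookup(s), first at {events[0][0]}"
            for client, events in ordered]


if __name__ == "__main__":
    for line in summarize(find_sinkholed_hosts(SAMPLE_LOG)):
        print(line)
```

Run against real resolver exports, the same two indicator sets would be replaced with the sinkhole address and domain list published for the takedown in question; hosts that keep appearing in the report after cleanup are the ones whose persistence mechanism survived.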

The Justice official said that investigators were seeing a decrease in the number of computers connected to the botnet, but it will be some time before the network is completely offline.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Connect with him on Twitter at @thisismaz.
