The US Department of Justice announced an “extensive effort to disrupt and dismantle” a network of thousands of compromised computers under the control of an alleged cybercriminal, a statement released Monday said.
The “botnet” was responsible for the sending of hundreds of millions of spam e-mails, intercepting users’ online and financial credentials and “installing ransomware and other malicious software,” according to the statement.
A botnet is a sophisticated network of computers that have been infected with malware, placing them under the control of a hacker who can “weaponize” them to do his or her bidding.
“The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives,” said Kenneth Blanco, acting assistant attorney general.
The move to dismantle the Kelihos botnet comes on the heels of the arrest on Friday of Russian hacker Peter Levashov in Spain, and will “redirect Kelihos-infected computers to a substitute server” in order to flag machines that have become part of Levashov’s network, and block communication between the compromised computer and the criminal operator.
The Kelihos botnet was capable of spreading malware, intercepting sensitive information and sending spam emails, including emails advertising counterfeit drugs and promoting stocks to raise their value, the so-called “pump-and-dump” stock fraud schemes.
Levashov is one of the web’s most notorious spammers, according to the spam-tracking non-profit Spamhaus Project, which describes him as “one of the longest operating criminal spam-lords on the internet.” He is ranked #7 on its global list of “the 10 worst spammers.”
Windows OS targeted
The Kelihos botnet targeted machines running Microsoft’s Windows OS.
It is, like other botnets, “designed to operate automatically and undetected on victims’ computers, with the malicious code secretly sending requests for instructions to the botnet operator,” the statement said.
According to the statement, Levashov has allegedly operated the botnet since 2010 and advertised its services on a number of online criminal forums.
“Cybercrime is a worldwide problem, but one that infects its victims directly through the computers and personal electronic devices that we use every day,” Acting US Attorney Bryan Schroder for the District of Alaska is quoted as saying in the statement.
“Protecting the American people from such a worldwide threat requires a broad-reaching response, and the dismantling of the Kelihos botnet was such an operation.”
The US government will share samples of the malware with antivirus vendors to facilitate updates to their programs that will allow them to detect and remove Kelihos, the statement says.
Several existing programs are already capable of detecting and removing Kelihos, including the free-to-use Microsoft Safety Scanner.