Justice Department begins process to dismantle international Kelihos botnet

The U.S. Department of Justice (DOJ) recently began the extensive process to dismantle the international Kelihos botnet, which has facilitated thousands of malicious attacks and cybercrimes throughout the world.

DOJ officials said the botnet played a part in harvesting thousands of login credentials, distributing hundreds of millions of spam e-mails, and installing ransomware and other malicious software.

A Russian citizen, Peter Yuryevich Levashov, was named as an alleged operator of the botnet in a civil complaint.

“The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives,” Acting Assistant Attorney General Kenneth A. Blanco said. “Our success in disrupting the Kelihos botnet was the result of strong cooperation between private industry experts and law enforcement, and the use of innovative legal and technical tactics.”

The botnet reportedly targeted devices using the Microsoft Windows operating system. When a device was compromised, it became part of a network of infected computers known as a botnet and was controlled via a decentralized command system.

The botnet reportedly harvested user login credentials by monitoring network traffic and searching infected computers for usernames and passwords.

The Kelihos system also generated and distributed unsolicited spam emails advertising counterfeit drugs, work-at-home scams, and deceptively promoting stocks to fraudulently increase their prices. The spam emails also distributed malicious ransomware that required a user to pay a fee to obtain access to their own stolen documents.

The Federal Bureau of Investigation’s Anchorage and New Haven offices led the efforts to dismantle the botnet with assistance from foreign partners.