Law Enforcement Ends Kelihos Botnet’s 7-Year Operation

- April 11, 2017

The US Department of Justice announced Monday its efforts to dismantle the massive botnet known as Kelihos, which for at least seven years has run a legion of 10,000 infected computers to send spam, harvest credentials and deliver malware including ransomware.

In addition to dealing what Ars Technica described as a “fatal blow” to the botnet’s operations, law enforcement officials in Spain detained the suspected operator of Kelihos, Pyotr Levashov, in Barcelona. His identity was tied to the Kelihos botnet through a related IP address that operated the botnet and also accessed a personal e-mail address.

The e-mail and IP addresses, according to Ars, “were also associated with multiple online accounts in Levashov’s name, including Apple iCloud and Google Gmail accounts.”

According to the Justice Department announcement, Kelihos was responsible for distributing “hundreds of millions” of spam e-mail messages a year.

“The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives,” Acting Assistant Attorney General Kenneth Blanco said in a statement.