The Kelihos botnet had tens of thousands of computers in its network

The United States has begun dismantling the Kelihos botnet, the US Department of Justice (DoJ) announced on Monday.

A civil complaint was filed in the District Court of Alaska against the purported Kelihos botmaster, Peter Levashov, on 4 April, in an attempt to begin dismantling the network of zombified computers.

The civil complaint calls Levashov “one of the world's worst criminal spammers” and accuses him of wire fraud and unauthorised interception of electronic communications as the controller of the Kelihos botnet.

The complaint was quickly followed by the US Federal Bureau of Investigation (FBI) blocking malicious domains associated with the botnet on 8 April.

On 10 April, a variety of US law enforcement officials announced that the operation had begun, with Acting Assistant Attorney General Blanco saying, “Our success in disrupting the Kelihos botnet was the result of strong cooperation between private industry experts and law enforcement, and the use of innovative legal and technical tactics.”

Added to the statement was the fact that Kelihos samples are being actively shared with the internet security community, so antivirus providers can update their software.

Kelihos boasted a botnet of around 45,000 computers in 2010, but at its height could apparently call on 100,000 to do its bidding.

Its main business was spam emails which advertised fake drugs and pump-and-dump stock schemes, but it was also known to distribute ransomware and the Vawtrak banking trojan.

Levashov allegedly offered a different pricing structure for the use of his bots, for instance charging $500 (£399) per million messages that were loaded with ransomware.

The Kelihos malware, which enslaved computers into its botnet, also actively harvested credentials from its victims in order to further itself. The malware would search for email addresses, usernames and passwords within the computer itself as well as its network traffic.

Levashov currently holds sixth place on Spamhaus' World's Ten Worst Spammers. Before Kelihos, Levashov was accused in 2009 of operating the Storm botnet, which was also a mass distributor of unsolicited spam.

Spanish law enforcement arrested the Russian national in Barcelona last week for as yet unknown reasons.

Observers speculated that the arrest may have been in connection to the ‘hacking’ of the 2016 US election. State-funded news organ, Russia Today, reported that Levashov's wife said that the arrest was "linked to Trump winning the elections."