ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
ROKSO
The Register of Known Spam Operations
Peter Severa / Peter Levashov

Evidence Menu:

Peter Severa / Peter Levashov Index


Country: Russian Federation
State:
A professional spammer who writes and sells virus-spamming spamware and botnet access. Is probably involved in the writing and releasing of viruses & trojans. One of the longest operating criminal spam-lords on the internet. Works with many other Eastern Euro and US based botnet spammers. Was a partner of American spammer Alan Ralsky.


Peter Severa / Peter Levashov SBL Listings History
Current SBL Listings
Archived SBL Listings

MEDIA: U.S. targets spam botnet after Russian arrested in Spain


TECHNOLOGY NEWS | Tue Apr 11, 2017 | 12:11am BST
U.S. targets spam botnet after Russian arrested in Spain

By Dustin Volz and Joseph Menn | WASHINGTON
The U.S. Justice Department said on Monday it had launched an effort to take down the Kelihos botnet, a global network of tens of thousands of infected computers it claims was operated by a Russian national who was arrested in Spain over the weekend.

Peter Yuryevich Levashov operated the Kelihos botnet that infected computers running Microsoft Corp's Windows operating system since approximately 2010, the Justice Department said.

A criminal case against Levashov by the Justice Department remains under seal, but on Monday the department announced a civil complaint intended to block spam from the botnet.

Russian-state media service RT reported Levashov was taken into custody in Spain over the weekend on a U.S. warrant.

It was not known if Levashov had an attorney. The Russian Embassy in Washington was not immediately available for comment.

Levashov, who has long been considered the likely identity of an online persona known as Peter Severa, spent years listed as among the world's 10 most prolific computer spammers by Spamhaus, a spam-tracking group.

RT quoted Levashov's wife as saying he was arrested on charges stemming from the U.S. government's belief that Russia interfered in last year's U.S. election to help President Donald Trump win. Russia has denied interfering in the U.S. election.

A Justice Department official, who spoke to reporters on condition of anonymity, said on Monday the current action against the botnet was not related to the election.

The Kelihos botnet has been a source of criminal activity targeting computer users worldwide since at least 2010, the official said.

The botnet at times grew larger than 100,000 simultaneously infected devices to carry out various spam attacks, including pump-and-dump stock schemes, password thefts and injecting various forms of malware, including ransomware, into target devices, the official said. Botnets are often rented out for multiple criminal uses as well.

In order to liberate the "victim" computers, the United States obtained court orders to take measures to neutralize the Kelihos botnet, including establishing substitute servers and blocking commands sent from the botnet operator, the department said.

Three previous versions of Kelihos had been taken down, but each time it was able to grow back with improvements that made it more resilient.

The biggest problem was that in the most recent iterations, individual infected computers could update each other with new code, so that just taking down the few command servers was insufficient.

"We were able to take over the propagation of that list, so the malware-infected hosts were not able to get updates" from each other, said Adam Meyers, Vice President of Intelligence at CrowdStrike.

The Kelihos operation was the first targeting a botnet to use a recent judicial rule change that allows the Federal Bureau of Investigation to obtain a sole search warrant to remotely access computers located in any jurisdiction, potentially even overseas, a Justice Department spokesman said. Previously such warrants could only be used within a judge's jurisdiction.

Such a warrant was used out of an abundance of legal caution, the Justice Department official told reporters, adding that the Kelihos actions were similar to previous ones U.S. authorities have taken to disrupt other botnets.

Victim computers were not infiltrated by the FBI but redirected to a computer controlled by law enforcement, often called a "sinkhole," to cut off the connection between infected devices and the botnet operator, the official said.

(Reporting by Dustin Volz, Joseph Menn and Eric Beech; editing by Lisa Shumaker and G Crosse)


The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK12079/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2017 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy