ROKSO
The Register of Known Spam Operations
Peter Severa / Peter Levashov



Country: Russian Federation
A professional spammer who writes and sells virus-spamming spamware and botnet access. Is probably involved in the writing and releasing of viruses and trojans. One of the longest-operating criminal spam-lords on the internet. Works with many other Eastern European and US-based botnet spammers. Was a partner of American spammer Alan Ralsky.



MEDIA: Feds deliver fatal blow to botnet that menaced world for 7 years


https://arstechnica.com/tech-policy/2017/04/feds-deliver-fatal-blow-to-botnet-that-menaced-world-for-7-years/

Alleged Kelihos kingpin arrested while his family traveled from Russia to Spain.

Dan Goodin - 4/10/2017, 1:15 PM

Federal prosecutors say they've dealt a fatal blow to Kelihos, a network of more than 10,000 infected computers that was used to deliver spam, steal login passwords, and deliver ransomware and other types of malware since 2010.

The US Justice Department announced the takedown on Monday, one day after authorities in Spain reportedly arrested alleged Kelihos operator Pyotr Levashov, according to Reuters. The programmer and alleged botnet kingpin was apprehended after traveling with his family from their home in Russia, which doesn't have an extradition treaty with the US, to Spain, which does have such a treaty. A search warrant application unsealed Monday said prosecutors tied Levashov to Kelihos because he used the same IP address to operate Kelihos and to access his pete777@mail.ru e-mail account. The e-mail address and IP addresses were also associated with multiple online accounts in Levashov's name, including Apple iCloud and Google Gmail accounts.

On Monday, US officials also unsealed a criminal complaint against Levashov that charged him with wire fraud and unauthorized interception of electronic communications. Levashov allegedly operated Kelihos since 2010. According to authorities, he used the botnet to further a spamming operation that distributed hundreds of millions of e-mails per year pushing counterfeit drugs, work-at-home, and pump-and-dump stock scams. Prosecutors also alleged the defendant used Kelihos to install malware on end-user computers and to harvest passwords to online and financial accounts belonging to thousands of Americans.

Levashov, believed to reside in St. Petersburg, has been wanted on criminal charges since before the days of Kelihos. In 2009, he was charged in the District of Columbia with operating the "Storm" botnet. He's long been on a list of the World's Ten Worst Spammers, maintained by antispam volunteer organization Spamhaus.

The feds obtained court permission to redirect Kelihos-infected computers to benign servers operated by authorities instead of the servers the botnet relied on to issue commands and distribute updates. The process is known as "sinkholing." Prosecutors also obtained court permission to block any attempts by Kelihos to regain control of the sinkholed computers. Officials now plan to provide the IP addresses of infected computers connecting to the sinkhole to unspecified groups that will help in getting the machines disinfected.

Federal officials said they worked with security firm CrowdStrike and The Shadowserver Foundation, a volunteer group that gathers information about online crime. Federal prosecutors said they also worked with their law-enforcement counterparts from around the world. The botnet takedown received authorization under Rule 41 of the Federal Rules of Criminal Procedure.


The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK12090/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2017 The Spamhaus Project Ltd. All rights reserved.