US Attempts To Take Down Spam Botnet Kelihos

The U.S. Justice Department announced on Monday (April 10) that an effort was launched to eradicate a spam botnet network known as Kelihos.

The global network, Reuters reported, is made up of thousands of infected computers and was allegedly operated by a Russian man who was recently arrested in Spain.

According to the Justice Department, Peter Yuryevich Levashov operated the Kelihos botnet back in 2010 when it infected computers running Microsoft’s Windows operating system. The DOJ currently has an open criminal case against Levashov that remains under seal, but there is also a civil complaint that’s been filed to block spam from the botnet.

A Justice Department official told Reuters that the botnet has been linked to criminal activity since 2010 and has at times grown to a network as large as 100,000 infected devices. Kelihos has reportedly been used to carry out an array of attacks, including pump-and-dump stock schemes, password thefts and injecting target devices with various strains of malware and ransomware.

Though previous versions of the Kelihos botnet have been able to be taken down in the past, the network typically grows back with improvements that make it even more resilient, Reuters said.

Security researchers from CrowdStrike were called upon by law enforcement to help take out the botnet once and for all.

“We were able to take over the propagation of that list, so the malware-infected hosts were not able to get updates” from each other, Adam Meyers, VP of intelligence at CrowdStrike, explained.