The Kelihos network used more than 10,000 infected computers to deliver spam, deliver ransomware, and steal login information as far back as 2010. Yesterday, the US Justice Department took the botnet down after authorities in Spain arrested its alleged operator, Pyotr Levashov. He was traveling with his family from Russia to Spain, and because Spain has an extradition treaty, he was arrested there. Kelihos is believed to infect computers and then take control of them, using the compromised systems for its operators' nefarious deeds. They sent millions of fraudulent e-mails and used them to try to access bank accounts.
A criminal complaint against Levashov charged him with wire fraud and unauthorized interception of electronic communications. His spamming operation is believed to have sent out hundreds of millions of e-mails each year pushing work-at-home scams and counterfeit drugs.
He is also accused of using Kelihos to install malware and harvest passwords for banking information. While many groups do the same thing, at least taking this one out sends a message. It shows that no matter how big the group is, it can be detected and taken down when the time is right. In a sense, it’s very much like catching a local drug dealer: you have instantly taken them out of their harmful craft and can hopefully gather more information to take down bigger, more dangerous groups higher on the food chain.
The Kelihos malware targeted Windows computers, and infected machines became part of the botnet. They could be controlled remotely through a command system, and the US is hoping to neutralize the botnet and liberate the computers by using substitute servers to trick them, while also blocking any commands sent by whoever is operating Kelihos.
There’s no guarantee that the infected computers can be fully saved, but they’ll at least try to minimize the damage. The FBI’s Anchorage and New Haven offices were behind this effort, and the government will continue to provide samples of the Kelihos malware so that anti-virus companies can update their programs to eventually detect and remove Kelihos. So far, Microsoft Safety Scanner can detect and remove it. Other companies, like McAfee, are working on solutions as well to ensure that users are safe now and for the foreseeable future.