Department of Justice targets network it says is responsible for spam emails, distributing ransomware and malware.
US authorities are working to take down one of the world’s largest botnets, one which controls tens of thousands of infected computers and is used for sending hundreds of millions of spam emails responsible for distributing ransomware and malware across the globe.
Working alongside the FBI and cybersecurity firm Crowdstrike, the US Department of Justice has started blocking domains associated with the Kelihos botnet, one of the most prolific networks of hacker-controlled computer systems in the world.
The network of infected Windows machines has been known to send spam emails, distribute ransomware and malware, harvest usernames and passwords and engage in Bitcoin theft and spamming.
It even uses peer-to-peer communications to allow each individual node to act as its own command and control server, and its malicious activity is thought to have impacted five percent of all organisations across the globe.
Like other botnets, Kelihos is designed to remain undetected on infected victims’ computers, enabling the malicious code to secretly receive instructions for malicious activities and send data back to its cybercriminal operators.
In order to aid in the disruption and dismantling of the botnet, US authorities obtained court orders from the US District of Alaska, granting them permission to redirect traffic from Kelihos-infected computers onto a substitute, FBI-run server and to record the IP addresses the machines attempt to connect to.
Ultimately, this will allow the authorities to identify Kelihos victims and aid them with removing the malware from their machine, as well as blocking and disrupting attempts to infect others. The US government is also working with antivirus vendors and cybersecurity companies in order to provide the latest patches for protecting against and removing Kelihos infections.
“Our success in disrupting the Kelihos botnet was the result of strong cooperation between private industry experts and law enforcement, and the use of innovative legal and technical tactics,” said Acting Assistant Attorney General Kenneth A. Blanco of the Justice Department’s Criminal Division.
“The Department of Justice is committed to combatting cybercrime, no matter the size or sophistication of the scheme, and to punishing those who are engaged in such crimes.”
The Justice Department alleges that Russian citizen Peter Yuryevich Levashov has operated the botnet since 2010. Levashov allegedly used the information gained from this credential harvesting operation to further his illegal spamming operation which he advertised on various online criminal forums. He was arrested in Spain earlier this week.
“This case demonstrates the FBI’s commitment to finding and eradicating cyber threats no matter where they are in the world,” said FBI Special Agent in Charge Marlin Ritzman.
However, while it is one of the most prolific networks of zombie machines, Kelihos represents just one of many botnets out there infecting millions of systems, such as the Necurs botnet, which recently came back to life following a mysterious absence.
Cybersecurity experts have also warned that the increasingly widespread nature of Internet of Things devices – many of which are shipped with security weaknesses that make them vulnerable to remote takeover – is only going to make botnet attacks more frequent and more damaging in future.