DOJ plans to disrupt global spam network after arrest of Russian hacker | CNN Business
Highlights of the story
DOJ Announces Actions to Dismantle the Kelihos Botnet Malware Network
A botnet is a network of computers that have been infected with malware
The U.S. Department of Justice announced a “broad effort to disrupt and dismantle” a network of thousands of compromised computers under the control of a suspected cybercriminal, a statement released Monday said.
The “botnet” was responsible for sending hundreds of millions of spam emails, intercepting users’ online and financial credentials, and “installing ransomware and other malware,” according to the statement.
A botnet is a sophisticated network of computers that have been infected with malware, putting them under the control of a hacker who can “weaponize” them to do his bidding.
“The ability of botnets like Kelihos to be quickly weaponized for large and varied types of damage is a dangerous and profound threat to all Americans, going to the core of how we communicate, connect, make a living, and live our daily lives,” said Acting Assistant Attorney General Kenneth Blanco.
The move to dismantle the Kelihos botnet comes after Russian hacker Peter Levashov was arrested in Spain on Friday. The operation will “redirect computers infected by Kelihos to a surrogate server” in order to flag machines that have become part of the network allegedly operated by Levashov, and to block communication between the compromised computer and the criminal operator.
The Kelihos botnet was capable of spreading malware, intercepting sensitive information and sending spam emails, including emails for counterfeit drugs and emails promoting stocks to increase their value – so-called “pump-and-dump” stock fraud schemes.
Levashov is one of the web’s most notorious spammers, says the spam-tracking nonprofit Spamhaus Project, and is “one of the longest-running spam lords on the Internet.” He ranks #7 on their global “10 Worst Spammers” list.
The Kelihos botnet targeted machines running Microsoft’s Windows operating system.
It is, like other botnets, “designed to operate automatically and undetected on victims’ computers, with the malicious code secretly sending requests for instructions to the botnet operator,” the statement said.
According to the statement, the Russian cybercriminal has allegedly operated the botnet since 2010. According to the DOJ, he advertised his services on various online criminal forums.
“Cybercrime is a global problem, but one that infects its victims directly through the computers and personal electronic devices we use every day,” U.S. Attorney Bryan Schroder for the District of Alaska said in the statement.
“Protecting the American people from such a global threat requires a far-reaching response, and the dismantling of the Kelihos botnet was such an operation.”
The US government will share samples of the malware with antivirus vendors to facilitate updates to their programs that will allow them to detect and remove Kelihos, the statement said.
Several existing programs are already capable of detecting and removing Kelihos, including the free-to-use Microsoft Safety Scanner.