Poor coding could enable the DoJ to take over the Kelihos botnet network

Although the Kelihos botnet has grown more resilient after every strike, in this attempt the DoJ may have stumbled upon a critical weakness from which it may never recover.

The U.S. Justice Department has disclosed that it has launched an effort to take down Kelihos, a global network of infected computers numbering in the tens of thousands, which was operated by a Russian national who was arrested in Spain last week.

The Justice Department has stated that Peter Yuryevich Levashov, the operator of the Kelihos botnet since 2010, has been arrested.

Although a criminal case against Levashov remains under seal, the DoJ has filed a civil complaint to block the spam from the botnet.

RT, the Russian state media service, has reported that Levashov was taken into custody in Spain over the weekend on a U.S. warrant.

It is not yet clear whether Levashov has had access to an attorney. The Russian Embassy in Washington was not immediately available for comment.

According to Spamhaus, a spam-tracking group, Levashov, who has long been considered the online face of Peter Severa, is listed among the world’s 10 most prolific computer spammers.

RT reported Levashov’s wife as saying he was arrested on charges stemming from the U.S. government’s belief that Russia interfered in its presidential election, which President Donald Trump won.

Russia has repeatedly denied the charge.

According to a Justice Department official, the current charge against Levashov is not related to the U.S. election.

The official stated that the Kelihos botnet has been a source of criminal activity which targeted computer users worldwide since at least 2010.

At its peak, the 100,000-strong botnet was used to carry out password thefts, spam attacks, pump-and-dump stock schemes, and injection schemes using various forms of malware, including ransomware, said the official.

Typically, botnets are rented out to multiple criminals for their use.

In order to neutralise the Kelihos botnet, the DoJ is trying to establish substitute servers and block commands sent from botnet operators, said the department.

This isn’t the first time that the DoJ has grappled with the Kelihos botnet. It has tried to take down the botnet three times before, but every time the botnet grew back and became more resilient.

In its latest iteration, the infected computers that are part of the botnet can update each other and thus resist attempts to neutralise the command server. Instead of relying on a central command server, the Kelihos botnet has adopted a distributed model, which makes attempts to hijack a central botnet server ineffective.

However, law enforcement agencies are collaborating with private security firms, including CrowdStrike Inc, whose developers found a flawed implementation of the code that distributes the list of infected machines which the nodes on the botnet contact to update themselves.

“We were able to take over the propagation of that list, so the malware-infected hosts were not able to get updates” from each other, said Adam Meyers, Vice President of Intelligence at CrowdStrike.
