“Bot Master” hacker Peter Levashov infected more than 200k computers to be jailed in the U.S.

U.S. authorities are trying to establish a harsh sentence against Peter Levashov, Russian hacker known in the cybercriminal community as the “Bot Master”, accusing him of operating a massive botnet dedicated to stealing login credentials, distributing phishing emails and delivering malware.

Levashov, 40, pleaded guilty in 2018 to one count of conspiracy to commit wire fraud, identity theft and other charges related to criminal hacking and botnet operation, capable of sending billions of unwanted emails and deploying powerful denial of service (DoS) attacks.

The U.S. Department of Justice (DOJ) revealed that prosecutors expect the defendant to be sentenced later this week. The hearing will be held via video conference before U.S. District Judge Robert Chatigny.

The prosecution argues that Levashov spent at least ten years dedicated to the operation of botnets, including one composed of more than 200 thousand infected devices. Employing this malicious infrastructure, the defendant managed to collect millions of email addresses, login credentials and passwords, in addition to distributing malware to hundreds of thousands of targets.

“Levashov used the aforementioned botnets to send billions of spam messages, which included all kinds of content, from relatively harmless advertisements to files loaded with multiple malware variants,” prosecutor Edward Chang said. The prosecutor adds that Levashov, also known as “Peter Severa,” was in charge of the operation of three of the world’s leading cybercriminal botnets: Kelihos, Storm Worm and Waledac.

At its peak, Storm Worm sent up to 57 million emails a day, the DOJ says. On the other hand, Waledac could send up to 1.5 billion spam messages, while Kelihos could send more than 4 billion spam messages a day.

The defendant was arrested in April 2017 while residing in Spain, and although Russian authorities tried to avoid his extradition, Levashov was eventually brought before the U.S.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.