Up to 15 years in prison for the operator of the crypting service used by the Kelihos botnet

The U.S. Department of Justice (DOJ) announced that Oleg Koshkin, a Russian citizen, has been convicted on multiple charges relating to the operation of a malware "crypting" service used by various cybercriminal groups, including the administrators of the Kelihos botnet. The defendant was arrested in 2019 and is awaiting sentencing; he faces up to 15 years in prison.

The authorities will also try Pavel Tsurkan, an Estonian citizen charged as Koshkin's accomplice in the operation of this service.

The defendants operated Crypt4U.com, Crypt4U.net and fud.bz, websites on which they advertised that malware submitted to them could be made undetectable by antivirus products (the "FUD" in fud.bz stands for "fully undetectable"). "Koshkin worked with Peter Levashov, the operator of the Kelihos botnet, to develop a system that would allow Kelihos malware to be encrypted several times a day," the court documents state.

Koshkin ran a high-volume, custom crypting service that let the Kelihos operators and several affiliated hacking groups distribute the botnet's malware without it being caught by antivirus scanners: "Between May 2014 and April 2017, botnet operators paid the defendant about $3,000 a month for his services," the prosecutor in charge of the case argued.
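An added illustration, not code from the article, the court filings or any real crypter: a toy model of what a crypting service sells and why re-crypting the same malware several times a day defeats a signature-only scanner. The payload, the wrapper layout, the marker string XW1 and the "antivirus" rules are all constructed stand-ins; a real crypter emits an executable with a decryption stub rather than XOR-wrapped bytes, but the dynamic is the same: every re-crypt yields a file with a new hash and no known byte pattern, while the unpacking stub every build must carry stays constant, which is what defenders fingerprint and unwrap before scanning.

```python
"""
Added illustration (not from the original article or any court record): why a
crypting service that re-wraps the same malware several times a day defeats
hash- and byte-pattern signatures, and why defenders answer by fingerprinting
the wrapper and scanning what is inside it.

Everything here is a stand-in: the "malware" is a harmless byte string, the
"crypter" is a repeating-key XOR wrapper, the "antivirus" is a hash plus a
substring check.  No real Kelihos code or Crypt4U format is reproduced.
"""
import hashlib
import random
from typing import List

# Constructed stand-in for a payload the antivirus vendor already knows.
PAYLOAD = b"STANDIN-BOT: pull peer list, fetch spam template, send mail\n" * 8

# Constructed stand-in for the vendor's static signatures on that payload.
KNOWN_HASH = hashlib.sha256(PAYLOAD).hexdigest()
KNOWN_BYTES = b"fetch spam template"

# Hypothetical wrapper layout: 3-byte marker, 1-byte key length, key, ciphertext.
MARKER = b"XW1"


def wrap(payload: bytes, key: bytes) -> bytes:
    """Toy crypter: repeating-key XOR.  A fresh key makes a never-seen file."""
    body = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return MARKER + bytes([len(key)]) + key + body


def unwrap(blob: bytes) -> bytes:
    """The decryption stub every build must carry so the payload can run."""
    if not blob.startswith(MARKER):
        raise ValueError("not a wrapped sample")
    klen = blob[len(MARKER)]
    key = blob[len(MARKER) + 1:len(MARKER) + 1 + klen]
    body = blob[len(MARKER) + 1 + klen:]
    return bytes(b ^ key[i % klen] for i, b in enumerate(body))


def static_scan(sample: bytes) -> bool:
    """Signature-only scanner stand-in: exact hash or known byte pattern."""
    return hashlib.sha256(sample).hexdigest() == KNOWN_HASH or KNOWN_BYTES in sample


def unpacking_scan(sample: bytes) -> bool:
    """Defender's counter: recognise the constant stub, unwrap, then scan inside."""
    if sample.startswith(MARKER):
        try:
            return static_scan(unwrap(sample))
        except ValueError:
            return False
    return static_scan(sample)


def daily_builds(payload: bytes, n: int, seed: int = 0) -> List[bytes]:
    """Simulate n re-crypts of one payload, each with a fresh 16-byte key."""
    rng = random.Random(seed)  # seeded only so the demonstration is repeatable
    return [wrap(payload, bytes(rng.randrange(256) for _ in range(16)))
            for _ in range(n)]


def evasion_report(n: int = 5, seed: int = 0) -> dict:
    """How n daily builds fare against the static scanner and the unpacking one."""
    builds = daily_builds(PAYLOAD, n, seed)
    return {
        "distinct_hashes": len({hashlib.sha256(b).hexdigest() for b in builds}),
        "static_hits": sum(static_scan(b) for b in builds),
        "unpacking_hits": sum(unpacking_scan(b) for b in builds),
        "all_runnable": all(unwrap(b) == PAYLOAD for b in builds),
    }


if __name__ == "__main__":
    print(evasion_report())
```

The report shows the trade-off the service sold: five builds, five distinct hashes, zero static hits, yet every build still unwraps to the same known payload, so a scanner that recognises the wrapper and looks inside catches all five. That is why crypter operators also rotate the stub, and why vendors signature stubs rather than payloads.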

Security researchers note that the Kelihos botnet was active from 2010 to 2017 and was rented to multiple cybercriminal groups for denial-of-service (DoS) attacks, distribution of other malware and further attacks, with the operators offering their services for between $100 USD and $300 USD. Earlier takedown attempts had failed to keep it down; authorities finally dismantled the infrastructure in April 2017.

According to the Federal Bureau of Investigation (FBI), at the time of the takedown the botnet had infected at least 60,000 devices worldwide: "By operating a website that was intended to hide malware from antivirus programs, Koshkin provided a critical service that allowed other cybercriminals to infect thousands of computers for the deployment of subsequent attacks," the report adds.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.