Russian Man Gets Four Years for Helping Kelihos Botnet Fly under the Antivirus Radar


A Russian national has been sentenced to four years in prison for his role in operating the Kelihos botnet. Specifically, he helped Kelihos stay undetectable by antivirus vendors.

Oleg Koshkin, 41, was convicted of operating what the DOJ calls “a ‘crypting’ service used to conceal the Kelihos malware from antivirus software.”

Koshkin was convicted in June on one count of conspiracy to commit computer fraud and abuse and one count of computer fraud and abuse.

According to the sentencing, Koshkin’s websites – crypt4u.com and fud.bz – enabled fellow threat actors to “systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.”

Koshkin’s encryption service let co-conspirator Peter Levashov, operator of the Kelihos botnet, encrypt the Kelihos malware multiple times each day, avoiding detection “by nearly every major provider of antivirus software,” according to the DOJ.

Levashov pleaded guilty in 2018 to various fraud, conspiracy, computer crime and identity theft offenses.

“The Kelihos botnet was used by Levashov to send spam, harvest account credentials, conduct denial of service attacks, and to distribute ransomware and other malicious software,” according to the DOJ.

Evidence presented at Koshkin’s sentencing showed that Kelihos relied on the encryption services provided by Crypt4U from 2014 until Levashov’s arrest in April 2017. Court documents also say that Kelihos infected approximately 200,000 computers around the world just in the last four months of that campaign.

A third co-defendant, Pavel Tsurkan, also pleaded guilty this year to one count of causing damage to a protected computer, and faces up to 10 years in prison. He is awaiting sentencing.

The Kelihos botnet was discovered around December 2010 and has gone through several developments since its inception, including a notable takedown by Microsoft (Operation b79) just one year after the malware’s emergence onto the threat landscape.

Kelihos has surfaced and plunged several times since, seeing its most recent downfall in 2018 with the sentencing of Levashov – this time at the hand of Microsoft’s arch rival, Apple Inc.

Agents had reportedly been surveilling Levashov’s iCloud account since May 2016, funneling back crucial information that may have led to his arrest.