Russian citizen Oleg Koshkin was convicted of charges related to the operation of a malware encryption service used by the Kelihos botnet to hide malware payloads and evade detection.
Koshkin has been in custody since he was arrested in California in September 2019, and faces a maximum penalty of 15 years in prison after September 20, 2021, when his sentence expires.
Pavel Tsurkan, his co-defendant, was also charged with conspiring to damage protected computers and aiding and inciting Peter Levashov, the main operator of the Kelihos botnet, to damage protected computers.
$ 3,000 monthly payments for malware encryption services
Koshkin operated Crypt4U.com, Crypt4U.net, fud.bz, fud.re, and other websites that promised to generate malware (e.g., Botnets, remote access Trojans, keystroke loggers, credential thieves and miners). cryptocurrencies) totally undetectable to almost everyone. leading antivirus solution providers.
“In particular, Koshkin worked with Peter Levashov, the operator of the Kelihos botnet, to develop a system that would allow Levashov to encrypt Kelihos malware multiple times a day,” the Justice Department said. saying.
“Koshkin provided Levashov with a high-volume custom encryption service that allowed Levashov to distribute Kelihos across multiple criminal affiliates.
“Levashov used the Kelihos botnet to send spam, collect account credentials, conduct denial of service attacks, and distribute ransomware and other malicious software.”
The Kelihos maintainer paid Koshkin approximately $ 3,000 per month for his services between May 2014 and April 2017 for the criminal complaint when Levashov was arrested in Spain.
The Kelihos botnet, one of the largest of its time
The Kelihos botnet, active since at least 2010 and one of the largest when it was retired in 2017, was used by its operators and other cybercriminals who rented it to send millions of spam messages per hour.
US authorities said at the time that Levashov was leasing the botnet’s spam capabilities for prices of $ 100 to $ 300, according to court documents,
When the FBI finally dismantled it, the Kelihos botnet was known to control at least 60,000 compromised computers around the world.
“By operating a website designed to hide malware from antivirus programs, Koshkin provided a critical service that allowed other cybercriminals to infect thousands of computers around the world,” said Acting US Attorney Leonard C. Boyle for the District of Connecticut.
“The defendant designed and operated a service that was an essential tool for some of the world’s most destructive cybercriminals, including ransomware attackers,” added Acting Assistant Attorney General Nicholas L. McQuaid of the Department of Criminal Justice Division. Justice.