A powerful botnet infection, going by the name Kelihos has been reported to be taken down by authorities and all of it’s infrastructure to be shut down. It’s “administrator” Peter Severa also known as Pyotr Levasho has been arrested Sunday in Barcelona by police as a result of international coordination by authorities. In addition to this the authorities have also reported that they have seized the structure devices which are used to keep Kelihos botnet up and running.
The primary reason for the arrest and taking down, besides it being illegal is that this type of botnet is of massive proportions and can be very flexible in the means of malware it distributes. This means that it can quickly become a massive threat and attack unsuspecting users without any way to stop it.
The botnet has first appeared back in 2010 targeting Windows computers and spamming messages in them of different frauds as well as drug and other illegitimate sales, Threatpost reports. In addition to those threats, the botnet was also reported to spread two banking malware iterations known as Vawtrak and Kronos and multiple different types of ransomwareviruses as well.
This is not the first takedown of the Kelihos botnet as in 2011 and 2012 it also had experienced shutdowns, the newest of which was in 2013. But no matter how much the botnet was turned off it still discovered a method to resurface back into the open, stealing credentials for banking accounts and spreading malware.
What is interesting was how the arrest was conducted, which was by a new protocol by which the authorities immediately obtained a court order via the newly approved Rule 41, for instant access.