Attacks/Breaches

2/2/2018
04:05 PM
50%
50%

Russian National Arrested for Kelihos Botnet Sent to US

Peter Levashov, among the world's most notorious email spammers, has been extradited to the US.

Peter Levashov, one of the world's most well-known email spammers and operator of the Kelihos botnet, has been extradited to the US from Spain. He awaits federal charges in Connecticut, where prosecutors say he used the botnet to harvest personal data.

Levashov, a Russian citizen, is accused of identity theft, wire fraud, and conspiracy. He was arrested in April 2017 while on holiday in Barcelona as part of a US Department of Justice effort to take down Kelihos. Officials said the operation was distributing hundreds of millions of fraudulent emails per year, intercepting credentials for online accounts belonging to thousands of Americans, and spreading ransomware. Indictment details were released later the same month.

The spammer initially claimed he was collecting data on opposition parties for the United Russia party, which later said he was unknown to them. Russia filed a competing extradition request; the Spanish National Court approved Levashov's extradition to the US in October.

In addition to driving spam and malware-rigged email campaigns, Levashov has been associated with click-fraud and DDoS operations. Many cyberattackers thought of him as a spam service provider. He was indicted, but not extradited, in 2009 for operating the Storm botnet.

Read more details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
2/4/2018 | 10:46:55 AM
Russian National Arrested for Kelihos Botnet Sent to US
This is a high information-density Quick Hits article -- well worth a thorough exploration. While some aspects of the story are readily apparent, a number of more subtle and sophisticated implications are revealed when you learn more of the backstory. 
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19333
PUBLISHED: 2018-11-17
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.
CVE-2018-19340
PUBLISHED: 2018-11-17
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter.
CVE-2018-19327
PUBLISHED: 2018-11-17
An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.
CVE-2018-19328
PUBLISHED: 2018-11-17
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
CVE-2018-19329
PUBLISHED: 2018-11-17
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button.