Russian national Oleg Koshkin has been sentenced to 48 months in prison for operating a "crypting" service used to conceal the Kelihos botnet from antivirus software, enabling attackers to infect hundreds of thousands of machines, the Department of Justice reported this week.
Koshkin was convicted by a federal jury on June 15 on one count of conspiracy to commit computer fraud and abuse, and one count of computer fraud and abuse, court files state.
Court documents and evidence presented at trial reveal Koshkin operated websites that "promised to render malicious software fully undetectable by nearly every major provider of antivirus software," DoJ officials wrote in a release. Koshkin and co-conspirators claimed their services could be used for botnets, remote access Trojans, keyloggers, credential stealers, cryptocurrency miners, and other threats.
Koshkin worked with Kelihos botnet operator Peter Levashov to create a system that would allow Levashov to crypt Kelihos multiple times per day, the release states. Koshkin provided Levashov with a custom, high-volume crypting service that allowed the operator to distribute Kelihos through criminal affiliates. Kelihos was used to send spam, harvest account credentials, launch denial-of-service attacks, and distribute ransomware and other types of malware.
Kelihos relied on these crypting services from 2014 until Levashov was arrested in April 2017. In the last four months of its activity, Kelihos infected approximately 200,000 computers around the world.
Read the full DoJ release for more details.