Security Experts:

Connect with us

Hi, what are you looking for?



Kelihos Botnet Author Pleads Guilty in U.S. Court

Peter Yuryevich Levashov, a 38-year-old Russian national accused of operating the notorious Kelihos botnet, pleaded guilty on Wednesday to computer crime, fraud, conspiracy and identity theft charges.

Peter Yuryevich Levashov, a 38-year-old Russian national accused of operating the notorious Kelihos botnet, pleaded guilty on Wednesday to computer crime, fraud, conspiracy and identity theft charges.

Levashov, aka “Petr Levashov,” “Peter Severa,” “Petr Severa” and “Sergey Astakhov,” is said to have operated several botnets between the late 1990s and April 2017, when he was arrested.

The Storm and Waledac botnets, which share source code with Kelihos, have also been attributed to Levashov. Levashov’s malware had infected hundreds of thousands of computers, allowing him and other cybercriminals who rented the botnets to send spam and steal valuable information from compromised devices. Authorities said the man also took part in operating various cybercrime forums.

The Kelihos, Storm and Waledac botnets reportedly generated hundreds of millions of dollars for cybercriminals. Data leaked in 2010 after hackers broke into the systems of a pharmacy spam program showed that Levashov had made nearly $600,000 from these types of activities over a 3-year period.

Spamhaus’ entry on Levashov in its Register of Known Spam Operations (ROKSO) describes the Russian as “one of the longest operating criminal spam-lords on the internet.”

Levashov was indicted in the United States on April 20, just days after his arrest in Spain and action taken by authorities to dismantle the Kelihos botnet. He was extradited to the United States in February.

Levashov on Wednesday pleaded guilty in U.S. District Court in Hartford, Connecticut, to one count of causing intentional damage to a protected computer, one count of conspiracy, one count of aggravated identity theft, and one count of wire fraud.

His sentencing has been scheduled for September 6, 2019, and he will remain in custody until then. It’s unclear why the judge scheduled sentencing for one year from now, but it could indicate that Levashov is working with law enforcement agencies on dismantling other cybercrime operations.

“For years, Mr. Levashov lived quite comfortably while his criminal behavior disrupted the lives of thousands of computer users,” said U.S. Attorney John H. Durham of the District of Connecticut. “Thanks to the collaborative work of the FBI and our partners in law enforcement, private industry and academia, a prolific cybercriminal has been neutralized, and has now admitted his guilt in a U.S. courtroom.”

Related: Russian Pleads Guilty to Role in Linux Botnet Scheme

Related: Citadel Botnet Author Pleads Guilty

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...