A federal jury in Connecticut convicted a Russian national on Tuesday for operating a ‘crypting’ service used to conceal ‘Kelihos’ malware from antivirus software, enabling hackers to systematically infect victim computers around the world with malicious software, including ransomware.
According to court documents and evidence introduced at trial, Oleg Koshkin, 41, formerly of Estonia, operated the websites ‘Crypt4U[.]com,’ ‘fud.bz’ and others. The websites promised to render malicious software fully undetectable by nearly every major provider of antivirus software. Koshkin and his co-conspirators claimed that their services could be used for malware such as botnets, remote-access trojans, keyloggers, credential stealers and cryptocurrency miners.
In particular, Koshkin worked with Peter Levashov, the operator of the Kelihos botnet, to develop a system that would allow Levashov to crypt the Kelihos malware multiple times each day. Koshkin provided Levashov with a custom, high-volume crypting service that enabled Levashov to distribute Kelihos through multiple criminal affiliates. Levashov used the Kelihos botnet to send spam, harvest account credentials, conduct denial of service attacks, and distribute ransomware and other malicious software. At the time it was dismantled by the FBI, the Kelihos botnet was known to include at least 50,000 compromised computers around the world. (Source: U.S. Department of Justice)