{
	"id": "2666dfec-10d4-42c6-931b-7a73afa7c862",
	"created_at": "2026-04-06T00:11:27.421458Z",
	"updated_at": "2026-04-10T03:21:26.345543Z",
	"deleted_at": null,
	"sha1_hash": "8737d833c033624f360670f5f456dc69a3a5fa31",
	"title": "US convicts Russian national behind Kelihos botnet crypting service",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 806869,
	"plain_text": "US convicts Russian national behind Kelihos botnet crypting service\r\nBy Sergiu Gatlan\r\nPublished: 2021-06-16 · Archived: 2026-04-05 23:02:36 UTC\r\nRussian national Oleg Koshkin was convicted for charges related to the operation of a malware crypter service used by the\r\nKelihos botnet to obfuscate malware payloads and evade detection.\r\nKoshkin has been detained since he was arrested in California in September 2019, and he is facing a maximum penalty of 15\r\nyears in prison after September 20, 2021, when his sentencing is due.\r\nEstonian national Pavel Tsurkan, his co-defendant, also pled guilty today via videoconference to charges of aiding and\r\nabetting hackers to infect victim computers worldwide with malicious software, including ransomware.\r\nhttps://www.bleepingcomputer.com/news/security/us-convicts-russian-national-behind-kelihos-botnet-crypting-service/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/us-convicts-russian-national-behind-kelihos-botnet-crypting-service/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nMonthly payments of $3,000 for malware crypting services\r\nKoshkin operated Crypt4U.com, Crypt4U.net, fud.bz, fud.re, and other websites that promised to render malware (e.g.,\r\nbotnets, remote-access trojans, keyloggers, credential stealers, and cryptocurrency miners) fully undetectable by almost all\r\nmajor providers of antivirus solutions. \r\n\"In particular, Koshkin worked with Peter Levashov, the operator of the Kelihos botnet, to develop a system that would\r\nallow Levashov to crypt the Kelihos malware multiple times each day,\" the Department of Justice said.\r\n\"Koshkin provided Levashov with a custom, high-volume crypting service that enabled Levashov to distribute Kelihos\r\nthrough multiple criminal affiliates.\r\n\"Levashov used the Kelihos botnet to send spam, harvest account credentials, conduct denial of service attacks, and\r\ndistribute ransomware and other malicious software.\"\r\nThe Kelihos maintainer paid Koshkin roughly $3,000 per month for his services between May 2014 and April 2017 per the\r\ncriminal complaint when Levashov was arrested in Spain.\r\nKelihos botnet, one of the largest of its time\r\nThe Kelihos botnet, active since at least 2010 and one of the largest when it was taken down in 2017, was used by its\r\noperators and other cybercriminals who rented it to send millions of spam messages per hour.\r\nUS authorities said at the time that Levashov was renting the botnet's spamming capabilities for prices from $100 to $300,\r\naccording to court documents,\r\nThe botnet was targeted by three takedown attempts in consecutive years, in 2011, 2012, and 2013, and was finally taken\r\ndown in April 2017.\r\nWhen the FBI finally dismantled it, the Kelihos botnet was known to control at least 60,000 compromised computers\r\nworldwide.\r\n\"By operating a website that was intended to hide malware from antivirus programs, Koshkin provided a critical service that\r\nenabled other cyber criminals to infect thousands of computers around the world,\" Acting U.S. Attorney Leonard C. Boyle\r\nfor the District of Connecticut said.\r\n\"The defendant designed and operated a service that was an essential tool for some of the world’s most destructive\r\ncybercriminals, including ransomware attackers,\" added Acting Assistant Attorney General Nicholas L. McQuaid of the\r\nJustice Department's Criminal Division.\r\nhttps://www.bleepingcomputer.com/news/security/us-convicts-russian-national-behind-kelihos-botnet-crypting-service/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/us-convicts-russian-national-behind-kelihos-botnet-crypting-service/\r\nhttps://www.bleepingcomputer.com/news/security/us-convicts-russian-national-behind-kelihos-botnet-crypting-service/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/us-convicts-russian-national-behind-kelihos-botnet-crypting-service/"
	],
	"report_names": [
		"us-convicts-russian-national-behind-kelihos-botnet-crypting-service"
	],
	"threat_actors": [],
	"ts_created_at": 1775434287,
	"ts_updated_at": 1775791286,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8737d833c033624f360670f5f456dc69a3a5fa31.pdf",
		"text": "https://archive.orkl.eu/8737d833c033624f360670f5f456dc69a3a5fa31.txt",
		"img": "https://archive.orkl.eu/8737d833c033624f360670f5f456dc69a3a5fa31.jpg"
	}
}