• Waledac author/botnet operator and Spam King Pyotr Levashov Arrested

    From Virus Guy@1:396/4 to All on Sun Apr 9 21:48:36 2017
    From: Virus Guy <Virus@Guy.C0M>

    I haven't found any story that links Levashov to being the source for
    the Wikileaks Podesta/DNC email dump. The smart money still has that
    source as being a DNC insider pissed off at how the DNC treated (and
    screwed) Bernie Sanders over Hillary.



    Monday, April 10th, 2017

    Authorities in Spain have arrested a Russian computer programmer thought
    to be one of the world's most notorious spam kingpins.

    Spanish police arrested Pyotr Levashov under an international warrant
    executed in the city of Barcelona, according to Reuters. Russian
    state-run television station RT (formerly Russia Today) reported that
    Levashov was arrested while vacationing in Spain with his family.

    According to numerous stories here at KrebsOnSecurity, Levashov was
    better known as “Severa,” the hacker moniker used by a pivotal figure in
    many Russian-language cybercrime forums. Severa was the moderator for
    the spam subsection of multiple online communities, and in this role
    served as the virtual linchpin connecting virus writers with huge spam
    networks — including some that Severa allegedly created and sold

    Levashov is currently listed as #7 in the the world's Top 10 Worst
    Spammers list maintained by anti-spam group Spamhaus. The U.S. Justice Department maintains that Severa was the Russian partner of Alan Ralsky,
    a convicted American spammer who specialized in “pump-and-dump” spam
    schemes designed to artificially inflate the value of penny stocks.

    Levashov allegedly went by the aliases Peter Severa and Peter of the
    North (Pyotr is the Russian form of Peter). My reporting indicates that
    — in addition to spamming activities — Severa was responsible for
    running multiple criminal operations that paid virus writers and
    spammers to install “fake antivirus” software. So-called “fake AV” uses
    malware and/or programming tricks to bombard the victim with misleading
    alerts about security threats, hijacking the PC until its owner either
    pays for a license to the bogus security software or figures out how to
    remove the invasive program.

    There is ample evidence that Severa is the cybercriminal behind the
    Waledac spam botnet, a spam engine that for several years infected
    between 70,000 and 90,000 computers and was capable of sending
    approximately 1.5 billion spam messages a day.

    In 2010, Microsoft launched a combined technical and legal sneak attack
    on the Waledac botnet, successfully dismantling it. The company would
    later do the same to the Kelihos botnet, a global spam machine which
    shared a great deal of computer code with Waledac.

    The connection between Waledac/Kelihos and Severa is supported by data
    leaked in 2010 after hackers broke into the servers of pharmacy spam
    affiliate program SpamIt. According to the stolen SpamIt records, Severa
    — this time using the alias “Viktor Sergeevich Ivashov” — brought in
    revenues of $438,000 and earned commissions of $145,000 spamming rogue
    online pharmacy sites over a 3-year period.

    Severa also was a moderator of Spamdot.biz (pictured in the first
    screenshot above), a vetted, members-only forum that at one time
    attracted almost daily visits from most of Russia's top spammers. Leaked Spamdot forum posts for Severa indicate that he hails from Saint
    Petersburg, Russia's second-largest city.

    According to an exhaustive analysis published in my book — Spam Nation:
    The Inside Story of Organized Cybercrime — Severa likely made more money renting Waledac and other custom spam botnets to other spammers than
    blasting out junk email on his own. For $200, vetted users could hire
    one of his botnets to send 1 million pieces of spam. Junk email
    campaigns touting auction and employment scams cost $300 per million,
    and phishing emails designed to separate unwary email users from their usernames and passwords could be blasted out through Severa's botnet for
    the bargain price of $500 per million.

    The above-referenced Reuters story on Levashov's arrest cited reporting
    from Russian news outlet RT which associated Levashov with hacking
    attacks linked to alleged interference in last year's U.S. election. But subsequent updates from Reuters cast doubt on those claims.

    “A U.S. Department of Justice official said it was a criminal matter
    without an apparent national security connection,” Reuters added in an
    update to an earlier version of its story.

    The New York Times reports that Russian news media did not say if
    Levashov was suspected of being involved in that activity. However, The
    Times piece observes that the Kelihos botnet does have a historic
    association with election meddling, noting the botnet was used during
    the Russian election in 2012 to send political messages to email
    accounts on computers with Russian Internet addresses. According to The
    Times, those emails linked to fake news stories saying that Mikhail D. Prokhorov, a businessman who was running for president against Vladimir
    V. Putin, had come out as gay.



    An alleged Russian hacker, Pyotr Levashov, has been detained in
    Barcelona at the request of the FBI, an arrest that set cybersecurity
    circles abuzz after a Russian broadcaster raised the possibility it was
    linked to the U.S. presidential election, AP reports. A spokeswoman for
    Spain's National Court said that the Pyotr Levashov was arrested in
    response to a U.S. computer crimes warrant while a spokesman for the
    Russian embassy in Madrid confirmed the arrest on Sunday.

    While it was not immediately clear why Levashov was arrested, Russian television station RT reported that Levashov was arrested under a U.S. international arrest warrant and was suspected of being involved in
    hacking attacks linked to alleged interference in last year's U.S.
    election. Peter Carr, a spokesman for the U.S. Justice Department's
    criminal division, said: "The U.S. case remains under seal, so we have
    no information to provide at this time."

    Defusing speculation that the arrest was in connection with the election hacking as some have suggested, Reuters reports that according to a U.S. Department of Justice official the arrest was a criminal matter without
    an apparent national security connection. Spanish authorities notified
    the Russian embassy of Levashov's arrest on Friday, the embassy
    spokesman said.

    The NYT adds that computer researchers who have linked the long-running computer spam business of the man known as Peter Severa to malware used
    in 2012 to influence a domestic election in Russia say his arrest could
    give other investigations important information. Levashov was arrested
    in Barcelona, where he had been vacationing with his family, according
    to a report on RT, a state-owned Russian television network. The report
    cited his wife, who said the Spanish police had detained Mr. Levashov at
    the request of the American authorities. Levashov's wife Maria was
    quoted by RT as saying that her husband was arrested by armed police at
    their apartment in Barcelona. She said her husband told her he had been
    accused of creating a computer virus "linked to (President Donald)
    Trump's election win."
    --- NewsGate v1.0 gamma 2
    * Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)