Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Pierluigi Paganini June 17, 2021

Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software.

Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection.

“According to court documents and evidence introduced at trial, Oleg Koshkin, 41, formerly of Estonia, operated the websites “Crypt4U.com,” “fud.bz” and others.” reads the press release published by DoJ.”The websites promised to render malicious software fully undetectable by nearly every major provider of antivirus software. Koshkin and his co-conspirators claimed that their services could be used for malware such as botnets, remote-access trojans, keyloggers, credential stealers and cryptocurrency miners.”

Russian nation Oleg Koshkin (41) operated the webservices “Crypt4U.com,” “fud.bz” and others that allowed their customers to render their malicious payloads undetectable by most of the antivirus engines.

“The defendant designed and operated a service that was an essential tool for some of the world’s most destructive cybercriminals, including ransomware attackers,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “The verdict should serve as a warning to those who provide infrastructure to cybercriminals: the Criminal Division and our law enforcement partners consider you to be just as culpable as the hackers whose crimes you enable — and we will work tirelessly to bring you to justice.”

According to court documents, Koshkin supported his co-defendant, Pavel Tsurkan, who is the author of the Kelihos botnet, in the development of a system that would allow to crypt the Kelihos payloads multiple times each day. Koshkin provided Levashov with a custom crypting service that was used to distribute Kelihos through multiple criminal affiliates.

“Levashov provided the Kelihos malware to Crypt4U personnel for crypting before distributing it to his victims. Levashov used these services on and off from at least May 2014 until his arrest in April 2017 and paid the operators of the crypting services approximately $3,000 per month” reads the criminal compliant.

Koshkin was arrested in California in September 2019, while Tsurkan was arrested in April 2017.

kelihos botnet

The Kelihos botnet was used to send out a large volume of spam messages, conduct denial of service attacks, harvest account credentials, and distribute malware. At the time the FBI dismantled the Kelihos botnet, in 2017, the malicious infrastructure was composed of at least 50,000 compromised devices around the world.

Koshkin faces a maximum penalty of 15 years in prison, he will be sentenced on Sept. 20.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Kelihos)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment