{"id":7286,"date":"2017-04-09T22:17:14","date_gmt":"2017-04-10T06:17:14","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/04\/09\/news-1077\/"},"modified":"2017-04-09T22:17:14","modified_gmt":"2017-04-10T06:17:14","slug":"news-1077","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/04\/09\/news-1077\/","title":{"rendered":"Alleged Spam King Pyotr Levashov Arrested"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Mon, 10 Apr 2017 04:17:09 +0000<\/strong><\/p>\n

Authorities in Spain have arrested a Russian computer programmer thought to be one of the world’s most notorious spam kingpins.<\/p>\n

Spanish police arrested Pyotr Levashov<\/strong>\u00a0under an international warrant executed in the\u00a0city of Barcelona, according to Reuters<\/a>. Russian state-run television station RT<\/strong>\u00a0(formerly Russia Today<\/em>) reported that Levashov was arrested while vacationing in Spain with his family.<\/p>\n

\"Spamdot.biz<\/a><\/p>\n

Spamdot.biz moderator Severa listing prices to rent his Waledac spam botnet.<\/p>\n<\/div>\n

According to numerous\u00a0stories here at KrebsOnSecurity<\/a>, Levashov was better known as “Severa<\/strong>,” the hacker moniker used by a pivotal figure in many Russian-language cybercrime forums. Severa was the moderator for the spam subsection of multiple online communities, and in this role served as the virtual linchpin connecting virus writers with huge spam networks — including some that Severa allegedly\u00a0created and sold himself.<\/p>\n

Levashov\u00a0is currently listed as #7<\/a> in the the world’s Top 10 Worst Spammers<\/a> list maintained by anti-spam group Spamhaus<\/strong>. The U.S. Justice Department maintains that Severa was the Russian partner of\u00a0Alan Ralsky<\/a>, a convicted American spammer\u00a0who specialized in “pump-and-dump<\/a>” spam schemes designed to artificially inflate the value of penny stocks.<\/p>\n

Levashov allegedly went by the aliases Peter Severa<\/strong>\u00a0and\u00a0Peter of the North <\/strong>(Pyotr is the Russian form of Peter). My reporting indicates that — in addition to spamming activities — Severa was responsible for running multiple\u00a0criminal operations that paid virus writers and spammers to install “fake antivirus” software<\/a>. So-called “fake AV” uses\u00a0malware and\/or programming tricks to bombard the victim with misleading alerts about security threats, hijacking the PC until its owner either pays for a license to the bogus security software or figures out how to remove the invasive program.<\/p>\n

\"A<\/a><\/p>\n

A screenshot of a fake antivirus or “scareware” affiliate program run by “Severa,” allegedly the cybercriminal alias of Pyotr Levashov.<\/p>\n<\/div>\n

There is ample evidence<\/a> that Severa is the cybercriminal behind the Waledac<\/a> spam botnet, a spam engine that for several years infected between 70,000 and 90,000 computers and was capable of sending approximately 1.5 billion spam messages a day.<\/p>\n

In 2010, Microsoft launched a combined technical and legal sneak attack<\/a> on the Waledac botnet, successfully dismantling it.\u00a0The company would later do the same to the Kelihos botnet<\/a>, a global spam machine which shared a great deal of computer code with Waledac.<\/p>\n

The connection between Waledac\/Kelihos and Severa is supported by data leaked in 2010 after hackers broke into the servers of pharmacy spam affiliate program SpamIt<\/strong><\/a>.\u00a0According to the stolen SpamIt records, Severa — this time using the alias “Viktor Sergeevich Ivashov”<\/strong> — brought in revenues of $438,000 and earned commissions of $145,000 spamming rogue online pharmacy sites over a 3-year period.<\/p>\n

Severa also was a moderator of Spamdot.biz<\/strong> (pictured in the first screenshot above), a vetted, members-only forum\u00a0that at one time attracted almost daily visits from most of Russia’s top spammers. Leaked Spamdot forum posts for Severa indicate that he hails from Saint Petersburg<\/a>, Russia’s second-largest city.<\/span><\/p>\n

According to an exhaustive analysis published in my book — Spam Nation: The Inside Story of Organized Cybercrime<\/a>\u00a0—\u00a0<\/em>Severa likely made more money renting Waledac and other custom spam botnets to other spammers than blasting out junk email on his own. For $200, vetted users could hire one of his botnets to send 1 million pieces of spam. Junk email campaigns touting auction and employment scams cost $300 per million, and phishing emails designed to separate unwary email users from their usernames and passwords could be blasted out through Severa\u2019s botnet for the bargain price of $500 per million.<\/p>\n

The above-referenced Reuters story on Levashov’s arrest cited reporting from Russian news outlet RT which associated Levashov with\u00a0hacking attacks linked to alleged interference in last year’s U.S. election. But subsequent updates from Reuters cast doubt on those claims.<\/p>\n

“A U.S. Department of Justice official said it was a criminal matter without an apparent national security connection,” Reuters added in an update to an earlier version of its story.<\/p>\n

The New York Times<\/em>\u00a0reports<\/a> that Russian news media did not<\/em> say if Levashov was suspected of being involved in that activity. However, The Times<\/em> piece observes that the Kelihos botnet does have a historic association with election meddling, noting the botnet was\u00a0used during the Russian election in 2012 to send political messages to email accounts on computers with Russian Internet addresses. According to The Times<\/em>, those emails linked to fake news stories saying that Mikhail D. Prokhorov<\/a>, a businessman who was running for president against Vladimir V. Putin<\/strong>, had come out as gay.<\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Mon, 10 Apr 2017 04:17:09 +0000<\/strong><\/p>\n

Authorities in Spain have arrested a Russian computer programmer thought to be one of the world’s most notorious spam kingpins. Spanish police arrested Pyotr Levashov under an international warrant executed in the city of Barcelona, according to Reuters. Russian state-run television station RT (formerly Russia Today) reported that Levashov was arrested while vacationing in Spain with his family. According to numerous stories here at KrebsOnSecurity, Levashov was better known as “Severa,” the hacker moniker used by a pivotal figure in many popular Russian-language cybercrime forums. Severa was the moderator for the spam subsection of multiple online communities, and in this role served as the virtual linchpin connecting virus writers with huge spam networks that Severa allegedly created and sold himself.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[11910,11911,11912,11913,11914,10689,10644,11915,11916,11917,11918,11919,11920,10659,11921,11277,11922,11923,179,11924],"class_list":["post-7286","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-alan-ralsky","tag-fake-antivirus","tag-fake-av","tag-kelihos-botnet","tag-mikhail-d-prokhorov","tag-new-york-times","tag-other","tag-peter-ivashov","tag-peter-levashov","tag-peter-severa","tag-pyotr-levashov","tag-reuters","tag-rokso","tag-spam-nation","tag-spamdot-biz","tag-spamhaus","tag-spamit","tag-viktor-sergeevich-ivashov","tag-vladimir-putin","tag-waledac"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7286","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7286"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7286\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}