Underground service promised to render malicious software fully undetectable by nearly every major antivirus provider


A Russian national has been sentenced to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, enabling malicious hackers to infect potentially hundreds of thousands of computers around the world.

Oleg Koshkin, 41, was convicted by a US federal jury on June 15 of one count of conspiracy to commit computer fraud and abuse and one count of computer fraud and abuse. He was sentenced yesterday (December 9).

According to the Department of Justice (DoJ), Koshkin operated the websites ‘crypt4u.com’, ‘fud.bz’ and others which promised to render malware “fully undetectable” by nearly every major provider of antivirus software.

Under the radar

“Koshkin and his co-conspirators claimed that their services could be used for malware including botnet code, remote access trojans, keyloggers, credential stealers, and cryptocurrency miners,” a DoJ release states.

Koshkin worked together with Peter Levashov, the operator of the Kelihos botnet, to develop a system that would allow Levashov to crypt the Kelihos malware multiple times each day.




In September 2018, Levashov pleaded guilty to various fraud, conspiracy, computer crime and identity theft offenses.

The DoJ stated: “Koshkin provided Levashov with a custom, high-volume crypting service that enabled Levashov to distribute Kelihos through multiple criminal affiliates.

“The Kelihos botnet was used by Levashov to send spam, harvest account credentials, conduct denial of service attacks, and to distribute ransomware and other malicious software.”

The DoJ also said that just in the last four months of its operation, Kelihos infected approximately 200,000 computers around the world.

Justice served

“Today’s sentencing of Oleg Koshkin serves as another example of the risk and consequences awaiting those who choose to commit cybercrimes against the American public,” said special agent in charge David Sundberg.

“For years, Koshkin and his co-conspirators worked to evade our most basic cyber defenses in order to spread malware on a truly global scale.

“While our work to bring Koshkin to justice comes to a close, the FBI will continue to tirelessly defend our country from the ever-evolving cyber threats posed by criminals, terrorists and hostile nation-states.”

