Alleged Spam Kingpin ‘Severa’ Extradited to US

Peter Yuryevich Levashov, a 37-year-old Russian mechanism programmer suspicion to be one of a world’s many scandalous spam kingpins, has been extradited to a United States to face sovereign hacking and spamming charges.

Levashov, in an undated photo.

Levashov, who allegedly went by a hacker names “Peter Severa,” and “Peter of the North,” hails from St. Petersburg in northern Russia, though he was arrested final year while in Barcelona, Spain with his family.

Authorities have prolonged suspected he is a cybercriminal behind a once absolute spam botnet famous as Waledac (a.k.a. “Kelihos”), a now-defunct malware aria obliged for promulgation some-more than 1.5 billion spam, phishing and malware attacks any day.

According to a statement expelled by a U.S. Justice Department, Levashov was arraigned final Friday in a sovereign justice in New Haven, Ct. Levashov’s New York profession Igor Litvak pronounced he is fervent to examination a justification opposite Mr. Levashov, and that while a censure opposite his customer is available, a censure in a box stays sealed.

“We haven’t perceived any discovery, we have no suspicion what a supervision is relying on to move these allegations,” Litvak said. “Mr. Levashov maintains his ignorance and is looking brazen to solution this case, clearing his name, and returning home to his mother and 5-year-old son in Spain.”

In 2010, Microsoft — in tandem with a series of confidence researchers — launched a combined technical and authorised hide attack on a Waledac botnet, successfully dismantling it. The organisation would after do a same to a Kelihos botnet, a tellurian spam appurtenance that common a good understanding of mechanism formula with Waledac.

Severa customarily rented out segments of his Waledac botnet to anyone seeking a car for promulgation spam. For $200, vetted users could sinecure his botnet to blast one million pieces of spam. Junk email campaigns touting practice or “money mule” scams cost $300 per million, and phishing emails could be bloody out by Severa’s botnet for a discount cost of $500 per million.

Waledac initial flush in Apr 2008, though many experts trust a spam-spewing appurtenance was merely an refurbish to a Storm worm, a engine behind another large spam botnet that initial flush in 2007. Both Waledac and Storm were vital distributors of curative and malware spam.

According to Microsoft, in one month alone approximately 651 million spam emails attributable to Waledac/Kelihos were destined to Hotmail accounts, including offers and scams associated to online pharmacies, fabrication goods, jobs, penny stocks, and more. The Storm worm botnet also sent billions of messages daily and putrescent an estimated one million computers worldwide.

Both Waledac/Kelihos and Storm were hugely innovative since they any enclosed self-defense mechanisms designed privately to stymie confidence researchers who competence try to idle a crime machines.

Waledac and Storm sent updates and other instructions around a peer-to-peer communications complement not distinct renouned song and file-sharing services. Thus, even if confidence researchers or law-enforcement officials conduct to seize a botnet’s back-end control servers and purify adult outrageous numbers of putrescent PCs, a botnets could respawn themselves by relaying module updates from one putrescent PC to another.


According to a extensive Apr 2017 story in about Levashov’s detain and a takedown of Waledac, Levashov got held since he disregarded a simple confidence no-no: He used a same log-in certification to both run his rapist craving and record into sites like iTunes.

After Levashov’s arrest, countless media outlets quoted his mother observant he was being dull adult as partial of a dragnet targeting Russian hackers suspicion to be concerned in purported division in a 2016 U.S. election. Russian news media outlets done most grain over this claim. In contesting his extradition to a United States, Levashov even reportedly told a RIA Russian news organisation that he worked for Russian President Vladimir Putin‘s United Russia party, and that he would die within a year of being extradited to a United States.

“If we go to a U.S., we will die in a year,” Levashov is quoted as saying. “They wish to get information of a troops inlet and about a United Russia party. I will be tortured, within a year we will be killed, or we will kill myself.”

But there is so distant 0 evidence that anyone has indicted Levashov of being concerned in choosing meddling. However, a Waledac/Kelihos botnet does have a ancestral organisation with choosing meddling: It was used during a Russian choosing in 2012 to send domestic messages to email accounts on computers with Russian Internet addresses. Those emails related to feign news stories observant that Mikhail D. Prokhorov, a businessman who was regulating for boss opposite Putin, had come out as gay.


If Levashov was to beg guilty in a box being prosecuted by U.S. authorities, it could strew light on a real-life identities of other tip spammers.

Severa worked really closely with dual vital purveyors of spam. One was Alan Ralsky, an American spammer who was convicted in 2009 of profitable him and other spammers to foster a pump-and-dump batch scams.

The other was a spammer who went by a nickname “Cosma,” a cybercriminal suspicion to be obliged for handling a Rustock botnet (so named since it was a Russian botnet frequently used to send pump-and-dump batch spam). In 2011, Microsoft offered a still-unclaimed $250,000 reward for information heading to a detain and self-assurance of a Rustock author. judge Severa inventory prices to lease his Waledac spam botnet.

Microsoft believes Cosma’s genuine name might be Dmitri A. SergeevArtem Sergeev, or Sergey Vladomirovich Sergeev. In Jun 2011, KrebsOnSecurity published a brief form of Cosma that enclosed Sergeev’s resume and photo, both of that indicated he is a Belorussian programmer who once sought a pursuit during Google. For some-more on Cosma, see “Flashy Car Got Spam Kingpin Mugged.”

Severa and Cosma had met one another several times in their years together in a batch spamming business, and they seem to have famous any other closely adequate to be on a first-name basis. Both of these titans of junk email are featured prominently in “Meet a Spammers,” a 7th section of my book, Spam Nation: The Inside Story of Organized Cybercrime.

Much like his tighten associate — Cosma, a Rustock botmaster — Severa might also have a $250,000 annuity on his head, notwithstanding indirectly. The Conficker worm, a tellurian contamination launched in 2009 that fast widespread to an estimated 9 to 15 million computers worldwide, stirred an rare general response from confidence experts. This organisation of experts, dubbed a “Conficker Cabal,” sought in vain to corral a widespread of a worm.

But notwithstanding infecting outrageous numbers of Microsoft Windows systems, Conficker was never once used to send spam. In fact, a usually thing that Conficker-infected systems ever did was download and widespread a new chronicle of a a malware that powered a Waledac botnet. Later that year, Microsoft announced it was offering a $250,000 reward for information heading to a detain and self-assurance of a Conficker author(s). Some confidence experts trust this proves a couple between Severa and Conficker.

Both Cosma and Severa were utterly active on Spamit[dot]com, a once closely-guarded forum for Russian spammers. In 2010, Spamit was hacked, and a duplicate of a database was common with this author. In that database were all private messages between Spamit members, including many between Cosma and Severa. For some-more on those conversations, see “A Closer Look during Two Big Time Botmasters.

In further to renting out his spam botnet, Severa also managed mixed associate programs in that he paid other cybercriminals to discharge supposed fake antivirus products. Also famous as “scareware,” feign antivirus was during one time a vital scourge, regulating feign and dubious pop-up alerts to pretence and mousetrap gullible mechanism users into purchasing meaningless (and in many cases undisguised harmful) module sheltered as antivirus software.

A screenshot of a eponymous scareware associate module run by “Severa,” allegedly a cybercriminal alias of Peter Levashov.

In 2011, KrebsOnSecurity published Spam Fake AV: Like Ham Eggs, that sought to illustrate a many ways in that a spam attention and feign antivirus overlapped. That research enclosed information from Brett Stone-Gross, a cybercrime consultant who after would support Microsoft and other researchers in their successful efforts to idle a Waledac/Kelihos botnet.

Levashov faces sovereign rapist charges on 8 counts, including aggravated temperament theft, handle fraud, conspiracy, and conscious repairs to stable computers. The censure in his box is accessible here (PDF).

Further reading: Mr Waledac — The Peter North of Spamming

Tags: , , , , , , , , , , , , , , , ,

You can skip to a finish and leave a comment. Pinging is now not allowed.

It's only fair to share...Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestShare on StumbleUponShare on TumblrShare on RedditFlattr the authorShare on YummlyBuffer this pageDigg thisShare on VKPrint this pageEmail this to someone