Crypting Mastermind Gets Just Two Years for Kelihos Plot
A Russian man has been sentenced to just 24 months behind bars for his part in helping to hide the infamous Kelihos malware from global security teams.
Oleg Koshkin, 41, was convicted by a federal jury on June 15 of one count of conspiracy to commit computer fraud and abuse, and one count of computer fraud and abuse.
He’s said to have operated several crypting websites including “crypt4u.com” and “fud.bz.” Crypting services are used by threat actors to disguise their malware from anti-virus software, using encryption.
According to the Department of Justice, Koshkin and his co-conspirators claimed their services could be used to obfuscate botnet-related malware, remote access trojans, keyloggers, credential stealers and cryptocurrency miners.
Koshkin is said to have worked with Peter Levashov, who operated the Kelihos botnet, to “crypt” the malware several times each day in order to stay hidden. Levashov pleaded guilty in 2018 to fraud, identity theft, computer crime and other offenses.
Thanks to Koshkin’s work, Kelihos became a popular tool to send spam, harvest account credentials, conduct denial of service attacks, and distribute ransomware and other malware.
Kelihos used Koshkin’s crypting services from 2014 until Levashov’s arrest in