US seeks 12 to 14.5 years prison sentence for Kelihos botmaster

US prosecutors are seeking a prison sentence ranging between 12 to 14.5 years in prison for Peter Levashov, a Russian national accused of creating and operating the Kelihos malware, one of the largest spam botnets that ever existed.

• Levashev was arrested in April 2017 in Barcelona, Spain, and was extradited to the US a year later, in February 2018.
• He pleaded guilty to operating Kelihos in September 2018 and has been released on bail in January 2020, pending his sentencing.
• Initially scheduled for September 2019, his sentencing was delayed multiple times and is now scheduled for next Tuesday, July 20, 2021.

In a sentencing memorandum filed by this week, case prosecutors asked the judge to impose a harsh penalty on the Russian national, citing Levashov's more than 15 years working as a botnet operator.

The US government argued that while the current case charges Levashov for running the Kelihos malware between 2010 and 2017, he also previously operated two other spam botnets before that.

Going online using the pseudonym of "Severa," investigators said that Levashov also created the Storm and Waledac botnets, the latter of which eventually evolved into Kelihos in late 2010, after Microsoft took down Waledac in March 2010.

Furthermore, prosecutors also said that while Levashov did not profit directly from the attacks carried out by other cybercrime groups renting his spam botnet, he did make a profit by association.

"[H]e did not conduct pump and dump schemes himself, nor did he distribute ransomware on his own behalf — but he allowed others to do so through the botnets that he controlled, and he profited handsomely from their crimes," prosecutors said.

The prosecution's sentencing memorandum is only a recommendation, and the judge may ignore it and impose their own decision outside the requested range.

Last week, Levashov's legal team also submitted their own sentencing recommendation, asking for a prison sentence range from 6.5 to 8 years.

US officials dismantled the Kelihos botnet in April 2017, but officials are still investigating its collaborators and affiliates.

Last month, the US Department of Justice charged an Estonian national for running Crypt4U.com and fud.bz, two websites that sold malware crypting services and who worked closely with Levashov and his Kelihos customers.