Crypting Mastermind Gets Just Two Years for Kelihos Plot

A Russian man has been sentenced to just 24 months behind bars for his part in helping to hide the infamous Kelihos malware from global security teams.

Oleg Koshkin, 41, was convicted by a federal jury on June 15 of one count of conspiracy to commit computer fraud and abuse, and one count of computer fraud and abuse.

He’s said to have operated several crypting websites including “crypt4u.com” and “fud.bz.” Crypting services are used by threat actors to disguise their malware from anti-virus software, using encryption.

According to the Department of Justice, Koshkin and his co-conspirators claimed their services could be used to obfuscate botnet-related malware, remote access trojans, keyloggers, credential stealers and cryptocurrency miners.

Koshkin is said to have worked with Peter Levashov, who operated the Kelihos botnet, to “crypt” the malware several times each day in order to stay hidden. Levashov pleaded guilty in 2018 to fraud, identity theft, computer crime and other offenses.

Thanks to Koshkin’s work, Kelihos became a popular tool to send spam, harvest account credentials, conduct denial of service attacks, and distribute ransomware and other malware.

Kelihos used Koshkin’s crypting services from 2014 until Levashov’s arrest in 2017, which led to the demise of Kelihos. According to the DoJ, it infected 200,000 computers around the world in just the last four months of that period.

“Today’s sentencing of Oleg Koshkin serves as another example of the risk and consequences awaiting those who choose to commit cybercrimes against the American public,” said special agent in charge David Sundberg of the FBI’s New Haven Division.

“For years, Koshkin and his co-conspirators worked to evade our most basic cyber-defenses in order to spread malware on a truly global scale. While our work to bring Koshin to justice comes to a close, the FBI will continue to tirelessly defend our country from the ever-evolving cyber threats posed by criminals, terrorists and hostile nation-states.”

Another co-conspirator, Pavel Tsurkan, pleaded guilty on June 16 to one count of causing damage to a protected computer.

Although that offense that carries a maximum term of 10 years in prison, he can expect a similar stretch to Koshkin, or shorter. Koshkin’s crimes theoretically carried a maximum term of 15 years.