The detection rules initially deployed by the CBL unfortunately were insufficiently detailed, and listed a number of IP addresses in error."[19] An affidavit unsealed on 5 February 2018 showed Apple's unexpected role in bringing the Russian spam king to justice.
But despite Levashov's significant efforts at anonymity, court records show that federal agents had been surveilling his iCloud account since 20 May 2016, funneling back crucial information that may have led to his arrest.
The standing federal iCloud warrant would have given authorities a running tab of IP addresses used to log in to the account, which could easily have tipped them off to his vacation in Barcelona, Spain. He was arrested at the request of US law enforcement and extradited to the United States for prosecution.
[2][22] Its spam capacity allows the botnet to spread itself by sending malware links to users in order to infect them with a Trojan horse, though later versions mostly propagate over social network sites, in particular through Facebook.
[24] On 2 February 2018, the United States Department of Justice announced that a Russian national had been extradited from Spain and would be arraigned in Connecticut on charges stemming from his alleged operation of the Kelihos botnet.
[26] On 3 February 2018, he pleaded not guilty to the charges of wire and email fraud, hacking, identity theft and conspiracy after appearing before a federal judge in the U.S. state of Connecticut.