July 20, 2021


Peter Levashov, appearing via Zoom at his sentencing hearing today.

A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison. Instead, he will go free under three years of supervised release and a possible fine.

A native of St. Petersburg, Russia, the 40-year-old Levashov operated under the hacker handle “Severa.” Over the course of his 15-year cybercriminal career, Severa would emerge as a pivotal figure in the cybercrime underground, serving as the primary moderator of a spam community that spanned multiple top Russian cybercrime forums.

Severa created and then leased out to others some of the nastiest cybercrime engines in history — including the Storm worm, and the Waledac and Kelihos spam botnets. His central role in the spam forums gave Severa a prime spot to advertise the services tied to his various botnets, while allowing him to keep tabs on the activities of other spammers.

Severa rented out segments of his Waledac botnet to anyone seeking a vehicle for sending spam. For $200, vetted users could hire his botnet to blast one million emails containing malware or ads for male enhancement drugs. Junk email campaigns touting employment or “money mule” scams cost $300 per million, and phishing emails could be blasted out through Severa’s botnet for the bargain price of $500 per million.

Severa was a moderator on the Russian spam community Spamdot[.]biz. In this paid ad from 2004, Severa lists prices to rent his spam botnet.

Early in his career, Severa worked very closely with two major purveyors of spam. One was Alan Ralsky, an American spammer who was convicted in 2009 of paying Severa and other spammers to promote pump-and-dump stock scams.

The other was a major spammer who went by the nickname “Cosma,” the cybercriminal thought to be responsible for managing the Rustock botnet (so named because it was a Russian botnet frequently used to send pump-and-dump stock spam). Microsoft, which has battled to scrub botnets like Rustock off of millions of PCs, later offered a still-unclaimed $250,000 reward for information leading to the arrest and conviction of the Rustock author.

Severa ran several affiliate programs that paid cybercriminals to trick people into installing fake antivirus software. In 2011, KrebsOnSecurity dissected “SevAntivir” — Severa’s eponymous fake antivirus affiliate program  — showing it was used to deploy new copies of the Kelihos spam botnet.

A screenshot of the “SevAntivir” fake antivirus or “scareware” affiliate program run by Severa.

In 2010, Microsoft — in tandem with a number of security researchers — launched a combined technical and legal sneak attack on the Waledac botnet, successfully dismantling it. The company would later do the same to the Kelihos botnet, a global spam machine which shared a great deal of code with Waledac and infected more than 110,000 Microsoft Windows PCs.

Levashov was arrested in 2017 while in Barcelona, Spain with his family. According to a lengthy April 2017 story in Wired.com, he got caught because he violated a basic security no-no: He used the same log-in credentials to both run his criminal enterprise and log into sites like iTunes.

In fighting his extradition to the United States, Levashov famously told the media, “If I go to the U.S., I will die in a year.” But a few months after his extradition, Levashov would plead guilty to four felony counts, including intentional damage to protected computers, conspiracy, wire fraud and aggravated identity theft.

At his sentencing hearing today, Levashov thanked his wife, attorney and the large number of people who wrote the court in support of his character, but otherwise declined to make a statement. His attorney read a lengthy statement explaining that Levashov got into spamming as a way to provide for his family, and that over a period of many years that business saw him supporting countless cybercrime operations.

The plea agreement Levashov approved in 2018 gave Judge Robert Chatigny broad latitude to impose a harsh prison sentence. The government argued that under U.S. federal sentencing guidelines, Levashov’s crimes deserved an “offense level” of 32, which for a first-time offender means a sentence of anywhere from 121 to 151 months (10 to 12 years).

But Judge Chatigny said he had concerns that “the total offense level does overstate the seriousness of Mr. Levashov’s crimes and his criminal culpability,” and said he believed Levashov was unlikely to offend again.

“33 months is a long time and I’m sure it was especially difficult for you considering that you were away from your wife and child and home,” Chatigny told the defendant. “I believe you have a lot to offer and hope that you will do your best to be a positive and contributing member of society.”

Mark Rasch, a former federal prosecutor with the U.S. Justice Department, said the sentencing guidelines are no longer mandatory, but they do reflect the position of Congress, the U.S. Sentencing Commission, and the Administrative Office of the U.S. Courts about the seriousness of the offenses.

“One of the problems you have here is it’s hard enough to catch and prosecute and convict cybercriminals, but at the end of the day the courts often don’t take these offenses seriously,” Rasch said. “On the one hand, sentences like these do tend to diminish the deterrent effect, but also I doubt there are any hackers in St. Petersburg right now who are watching this case and going, ‘Okay, great now I can keep doing what I’m doing.'”

Judge Chatigny deferred ruling on what — if any — financial damages Levashov may have to pay as a result of the plea.

The government acknowledged that it was difficult to come to an accurate accounting of how much Levashov’s various botnets cost companies and consumers. But the plea agreement states a figure of approximately $7 million — which prosecutors say represents a mix of actual damages and ill-gotten gains.

However, the judge delayed ruling on whether to impose a fine because prosecutors had yet to supply a document to back up the defendant’s alleged profit/loss figures. The judge also ordered Levashov to submit to three years of supervised release, which includes constant monitoring of his online communications.


40 thoughts on “Spam Kingpin Peter Levashov Gets Time Served

  1. J Skott

    Crime pays for a criminal in liberal America. Right, Krebs?

  2. ReadandShare

    “His attorney read a lengthy statement explaining that Levashov got into spamming as a way to provide for his family…”

    To me, that’s worse than if the attorney had said nothing at all. When you want to say “sorry”, just say it. Saying in effect ‘sorry, but I had a good reason to’ pretty much negates the entire exercise – or worse.

    1. Jimmy resnix

      Just realized that these human traffickers are mostly women. When their husbands are away or in A sedated state . The floor has A elevator that brings A African American or other ethnicity up an or the to changes dimensions based on webrtc derived from biometrics and monarch. Tvs switch to their preference of taboo. Crazy huh.

  3. ReadandShare

    “His attorney read a lengthy statement explaining that Levashov got into spamming as a way to provide for his family…”

    To me, that’s worse than not saying anything at all. If you want to apologize, just say “sorry”. Adding a “sorry, but I had a good reason” negates the whole exercise – or worse!

  4. Notme

    Three years supervision in the USA? Or does he get to leave?

    1. western hillbilly

      Was wondering the same, any lawyers on here able to comment? Does he get a visa of some sort? Is he able to work or does the government support him for that length of time? Its an interesting catch 22. Do you just let him to back, essentially removing all conditions because Russia certainly isn’t going to enforce those conditions. Or does the government keep him here, and either needs to allow him to work &/or support him.

  5. Non-Stick Barnacle

    Who is going to constantly monitor his communications for three years and how much does that cost? Ans: Probably no one and a sh1t-ton.

  6. Jackson

    Crime pays for a criminal in MAGAt America. Right, Krebs?

  7. Vince Taylor

    No wonder so many people are disaffected and angry. If this had been a black, Mexican or poor white that stole a $2000 automobile, he would have gotten 10 or more years. Judges treat white collar criminals with concern and deference, apparently identifying with them because they are of the same social class. This judge should go to prison for ten years in Levashov’s place.

  8. Queequeg

    They could at least remove a couple fingers and slow him down on the keyboard next time.

  9. Queequeg

    How about removing a few of his fingers before releasing him. He’ll have to think a bit while sending more spam.

  10. KFritz

    Wisconsin Tourist Federation?! Three years? Does this judge not realize the social and economic havoc wrought by this pustule on the face of the earth? This unmentionable was apprehended in Barcelona, not some at some downmarket dump. He had enough money to pay for good legal help, which means that he’s still profiting from his crimes. Levashov deserves a much longer look at the inside of a Club Fed. Much of the judiciary still seem to be cyber-oafs, not understanding the magnitude and impact of cyber-crime.

  11. James Schumaker

    Levashov might have been traded for either Paul Whelan, Trevor Reed, or both. I wonder if this was even considered.

  12. Ellen

    I remember your articles on Severa and his botnets.

    1. My suggestions

      I would start by being very sceptical about the alert being genuine, so would not follow any links or advice from the email until I have confirmed its authenticity. Look at who the email claims to be from. If it is from someone other than your internet service provider then it’s unlikely to be genuine, as typically only your ISP can track who their IP addresses connect to. If it claims to be from law enforcement or from your Internet Service Provider, I would contact them by phone to confirm it’s authenticity first, using a number found by googling rather than from the alert itself. If the alert does prove to be genuine, then it’s likely that you’re computer is compromised by some malware, which is using it to send out spam. At that point you could do worse than to contact BleepingComputer’s virus and malware removal help forum at https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/ for advice.

      1. db

        Googling won’t necessarily get legitimate results.
        Wife did that with an online tax preparer – caught it in time, tho.

  13. Dzmitry Naskavets

    His attorney kept saying Kolpakov instead of Levashov in his speech – does anyone heard that? That’s a guy who was sentenced in Seattle 2 months ago for 7 years in Fin7 case.

    1. KoSReader600000

      “Somebody got paid for the light sentence.” – Joe

      It’s always a possibility.

      “Levashov was arrested in 2017 while in Barcelona, Spain with his family… Levashov thanked his wife, attorney and the large number of people who wrote the court in support of his character” -BK

      With a good lawyer and a large number of supporters, a little grease money could have found its way into the proceedings.

  14. The Sunshine State

    Alan Ralsky, what a huge lowlife

  15. Klock

    That’s what happens when you have a liberal leftist judging people. Disgusting.

    1. Barry Tinkle

      Well, the judge *is* a Clinton appointee.

      1. mealy

        Clinton was a centrist on almost every issue, look it up.

  16. Steve Bushman

    Let’s hope all those lib leftist judges go hard time sentencing of all those Trump Traitors from Jan 6.

    1. Techwannabe

      Are you taking about the fake Trump supporters? How about the guy that murdered the unarmed woman?
      As for this, the judge is an idiot! He doesn’t think the crime was very serious?!

      1. Chris Holland

        Everyone wants to be pro-cop, and advocate lethal force against the “other”… until you’re the threat that is put down.
        When its a black guy with a bat, they aren’t considered “unarmed” and lethal force is justified.
        When its a white lady jumping through a window with a flag pole, they are suddenly an innocent person and the cop is a murderer.

        The cop shouldn’t have fired, true. But that lady was a violent criminal threatening the safety of people the cop was sworn to protect.

  17. Henry

    I know someone who was convicted of one count of mail fraud and aiding and abetting. They got 3 years federal prison time and 1 year probation and the restitution didn’t hit more than a 5 figure number. Their life was destroyed, all their possessions gone, they lost contact with underage children due to a divorce while in prison. So this guy gets to destroy thousands of people and go home to his lovely wife and child. What a screwed up sense of justice we have in this country. I’m so impressed that the judge feels so much concern, empathy and compassion for such a slug. Good thing he thinks this guy has a lot to offer society since he has yet to prove so! What a crock!

  18. Jack

    The guy obviously cooperated and we don’t know exactly how much is true from indictment and he probably fully gave up all info he knew. People commenting here are so full of hate they would rather lock up someone for decade rather than use his talent for good. But hate nowadays seems to be the new normal

  19. Spamnation

    Somehow I’d missed (or forgotten) that Severa and his Storm infrastructure were linked to Ralsky and Rustock.

    I used to run a website that — among other things — published live reports of the Ralsky and Rustock pump-and-dump spams, flagging the penny stocks that were being actively manipulated. This apparently annoyed someone so much that my site was one of a handful of stock-spam and spam reporting sites targeted for a DDoS by the Storm botnet.
    I wonder if it was Ralsky or Rustock who commissioned that particular DDoS, or whether Severa just had some spare capacity and decided to do it as a favor to his preferred customers.

    Severa seems to have got off extraordinarily lightly considering the scale of his operations. I suppose we can console ourselves with the thought that spammers ALWAYS re-offend, and if he’s foolish enough to do it during his period of monitored release, he might find himself back in front of a less sympathetic judge.

  20. Igor Artimovich

    My congratulations to comrade Levashov. Our homeland needs him.

  21. Mo

    Should’ve been 15 years in a Federal penitentiary.

  22. LWilliams

    To get a light sentence, he must have let the courts know about many of his customers. I doubt this was a just a nice gesture

  23. MyBalanceNow

    The guy obviously cooperated and we don’t know exactly how much is true from indictment and he probably fully gave up all info he knew. People commenting here are so full of hate they would rather lock up someone for decade rather than use his talent for good. But hate nowadays seems to be the new normal

    1. Better not

      Brian, how unusual to see such a sparse, factual report without your usual insights.

      Levashov wasn’t some two bit player, you’ve done far more detailed workups of players operating leagues below this one.

      12 years was coming down the line – probably about what you’d expect given the US draconian sentencing, in fact it was pretty reasonable by those standards. Dropping this to time served, after an 11th hour motion pushing the sentencing back to late June is not business as usual.

      I always understood him to be a quiet, friendly rather grown up chap and in spite of having not one but several botnets that at time (and possibly before) rivalled Zeus in terms of numbers (and unlike Zeus was controlled by just him and a handful of others.) he always tended to keep away from anything worse than spam, he chose not to implement the features Zeus is now infamous for.

      Regardless, I think it’s pretty common knowledge that certain people (like monstr/slavic) worked very closely with GRU etc, sharing access to all the amazing things they now had access to. This is why Monstr lives openly in his home town under his own name in spite of being the probably the greatest cybercriminal of all time (he invented ransomware 10 years ago or something, Zeus was earth shattering and years ahead of its time.)

      Was surprised to see nothing in the article about whether Levashov might have also worked for the state in the past. This is not a secret either!

      What i don’t know, but do find rather coincidental is in the space of 2 weeks. Biden has a chat or two with Putin, who quite clearly demonstrates who is in charge and turns REvils lights out (for how long? Dunno, might not come back. They pushed it too far) and purely by chance somebody who Russia have consistently gone to bat for gets 12 years knocked off his sentence and walks.

      Let me just remind you gribodemon (23 years old?) got i think 17 years?

      While I hate to sound like one of those conspiracy sorts, can’t help but come away thinking nice one Vlad, good to see a man who doesn’t forget a favour

  24. ACES ETM

    Thanks for the update and quick reply. I’ll be sure to keep an eye on this thread.

Comments are closed.