Leo Kuvayev
Leonid Aleksandrovitch Kuvayev (born 13 May 1972), who usually goes by the name of Leo, is a Russian/American spammer believed to be the ringleader of one of the world's biggest spam gangs. In 2005, he and six business partners were fined $37 million as a result of a lawsuit brought by the Massachusetts attorney general. It was found that they were responsible for millions of unsolicited e-mails per day. According to Spamhaus he could be the "Pharmamaster" spammer who performed a denial-of-service attack (DDoS) against the BlueSecurity company. Kuvayev is also behind countless phishing and mule recruiting sites hosted on botnets.
2K Services, eCash, and Top100
Kuvayev originally started a company in Montreal, Quebec called 2k Services with his partner Vladislav Khokholkov (Vlad). 2K's business involved several ventures, a credit card processing company that specialized in membership systems (MemberPro) and online casinos (ecash services). These ventures were essentially a wrapper for his credit card processing system, paid search (2k Search), a Top List system (Top100), and a referral program (Cash For Clicks). When Vlad was deported back to Russia, the company moved some of its programming services there, to a site not far from Moscow.
His casino business made the bulk of its money by selling low priced software licenses to casino operators and then charging a minimum processing fee for each casino from the owner. The software was notoriously buggy and made several casino blacklists even before Kuvayev had the programmers in Russia implement "Odds Management" to raise the odds of winning on free games and lower the odds on the paid games.
The Top100 system was a way to create pages of rankings and made the bulk of its money from banner advertisements. In 2001, Vladislav worked out a way to recover from the loss of revenue caused by dropping market rates for banner ads by exploiting a bug in Internet Explorer that allowed a maliciously coded website to overwrite arbitrary files on the victim's hard drive. Vlad's programmers implemented code in top100 to overwrite C:\windows\system32\drivers\etc\hosts with a version that redirected auto.search.msn.com to 2ksearch.com; this had the effect of redirecting all mistyped web addresses to 2ksearch. This business model was abandoned when the resulting complaints forced the paid search providers to terminate 2ksearch's contract.
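A defender-side check for the hosts-file tampering described above, added here as an example (it is not code from the original article): it parses a hosts file and flags entries that pin a watched name such as auto.search.msn.com to a non-local address. The second watched name, the sample file and all addresses in it are constructed for illustration.

```python
import ipaddress

# Names whose resolution should never be pinned locally. auto.search.msn.com
# is the host named in the text; search.msn.com is an assumed addition.
WATCHED = {"auto.search.msn.com", "search.msn.com"}
EXPECTED = {"localhost", "localhost.localdomain"}  # normal default entries


def audit_hosts(text, watched=WATCHED):
    """Return a list of (line_no, severity, hostname, address) findings."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", entry, None))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            host = name.lower().rstrip(".")  # names are case-insensitive
            if host in EXPECTED and addr.is_loopback:
                continue
            if host in watched:
                severity = "blocked" if sinkhole else "redirect"
            elif sinkhole:
                continue  # local blocklist-style entry, not a redirect
            else:
                severity = "review"
            findings.append((line_no, severity, host, str(addr)))
    return findings

# Constructed sample: a default-looking hosts file with one tampered line.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    AUTO.SEARCH.MSN.COM   # constructed tampered entry
0.0.0.0         ads.example.test
198.51.100.7    intranet.example.test
not-an-ip       broken.example.test
"""

if __name__ == "__main__":
    print(*audit_hosts(SAMPLE), sep="\n")
```

A "redirect" finding on a watched name is the pattern the paragraph describes; "review" entries are other static mappings that should be matched against a known-good baseline for the machine.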
Spamming
Kuvayev got his start in the larger spam world when he partnered with Alan Ralsky to create several porn sites specializing in Asians, gay sex and bestiality. In mid 2003 anti-spam activists succeeded in forcing Groupe Telecom to change its spam policy from their previous, spam-friendly position to one of zero tolerance. Groupe Telecom took advantage of the fact that 2k Services was moving offices as an excuse to terminate the contract for his fibre optic link; since they had no spam clause in their contract, they had had no grounds previously to terminate their connection, but the relocation provided the excuse they needed. This left 2k Services scrambling to find new hosting. Every other ISP in the area, however, refused to allow Leo to conduct business on their networks, and as a result, he was forced to move all of his hosting to more spam-friendly locations outside the country.
Eventually the lack of hosting opportunities and high employee turnover forced 2k Services to shut down all Montreal operations and move everything to Russia.
Current whereabouts
Kuvayev is also believed by some to be operating under the alias "Alex Rodrigez". Under this alias, he has registered hundreds of domains through various registrars to illegally sell software, prescription drugs, and more. Kuvayev has registered domains with registrars operating in China, New Zealand, and France. Most of his actual web pages have been hosted in China. It is suspected by some information security professionals that Kuvayev may be involved in the operation and control of the Storm botnet.
As of 1 June 2011, Kuvayev has confessed to sex crimes, sexually molesting girls as young as 13 years of age using the basement of his office in Moscow as a "dungeon". Kuvayev allegedly targeted vulnerable youngsters from children's homes, some of whom had mental or learning disabilities. Reports indicate that Kuvayev could face up to 20 years in prison for each offence.
External links
- Spamhaus ROKSO record on Leo Kuvayev
- Spamhaus record linking the alias Alex Rodrigez to Leo Kuvayev
- European Spam Wiki entry on Leo Kuvayev
- AbuseButler recent WHOIS for Alex Rodrigez domain
- The devil in the Internet, comprehensive article on Kuvayev and his vita so far (in German)