Leo Kuvayev

From Wikipedia, the free encyclopedia

Leo Kuvayev
Born Leonid Aleksandrovitch Kuvayev
13 May 1972
Other names Alex Rodrigez
Alma mater MIT

Leo Kuvayev (born 13 May 1972) is a Russian/American spammer[1] believed to be the ringleader of one of the world's biggest spam gangs. In 2005, he and six business partners were fined $37 million as a result of a lawsuit brought by the Massachusetts attorney general.[2] It was found that they were responsible for millions of unsolicited e-mails per day. According to Spamhaus he could be the "Pharmamaster" spammer who performed a denial-of-service attack (DDoS) against the BlueSecurity company. Kuvayev is also behind countless phishing and mule recruiting sites hosted on botnets. His full name is Leonid Aleksandrovitch Kuvayev, but he tends to go by Leo.

Contents

[edit] 2K Services, eCash, and Top100

Kuvayev originally started a company in Montreal, Quebec called 2k Services with his partner Vladislav Khokholkov (Vlad). 2K's business involved several ventures, a credit card processing company that specialized in membership systems (MemberPro) and online casinos (ecash services). These ventures were essentially a wrapper for his credit card processing system, paid search (2k Search), a Top List system (Top100), and a referral program (Cash For Clicks). When Vlad was deported back to Russia, the company moved some of its programming services there, to a site not far from Moscow.

His casino business made the bulk of its money by selling low priced software licenses to casino operators and then charging a minimum processing fee for each casino from the owner. The software was notoriously buggy and made several casino blacklists even before Kuvayev had the programmers in Russia implement "Odds Management" to raise the odds of winning on free games and lower the odds on the paid games.

The Top100 system was a way to create pages of rankings and made the bulk of its money from banner advertisements. In 2001, Vladislav worked out a way to recover from the loss of revenue caused by dropping market rates for banner ads by exploiting a bug in Internet Explorer that allowed a maliciously coded website to overwrite arbitrary files on the victim's hard drive. Vlad's programmers implemented code in top100 to overwrite C:\windows\system32\drivers\etc\hosts with a version that redirected auto.search.msn.com to 2ksearch.com; this had the effect of redirecting all mistyped web addresses to 2ksearch. This business model was abandoned when the resulting complaints forced the paid search providers to terminate 2ksearch's contract.

[edit] Spamming

Kuvayev got his start in the larger spam world when he partnered with Alan Ralsky to create several porn sites specializing in Asians, gay sex and bestiality. In mid 2003 anti-spam activists succeeded in forcing Groupe Telecom to change its spam policy from their previous, spam-friendly position to one of zero tolerance. Groupe Telecom took advantage of the fact that 2k Services was moving offices as an excuse to terminate the contract for his fibre optic link; since they had no spam clause in their contract, they had had no grounds previously to terminate their connection, but the relocation provided the excuse they needed. This left 2K services scrambling to find new hosting. Every other ISP in the area, however, refused to allow Leo to conduct business on their networks, and as a result, he was forced to move all of his hosting to more spam-friendly locations outside the country.

Eventually the lack of hosting opportunities and high employee turnover forced 2k Services to shut down all Montreal operations and move everything to Russia.

[edit] Current Whereabouts

Kuvayev is also believed by some to be operating under the alias "Alex Rodrigez". Under this alias, he has registered hundreds of domains through various registrars to illegally sell software, prescription drugs, and more. Though his current location is unknown, he may be living either in Finland or Tahiti, according to registration data for his domains.

Kuvayev has registered domains with registrars operating in China, New Zealand, and France. Most of his actual web pages have been hosted in China. It is suspected by some information security professionals that Kuvayev may be involved in the operation and control of the Storm botnet[3].

[edit] References

  1. ^ Spamhaus Profile
  2. ^ Massachusetts tackles spam gang
  3. ^ David Utter, Security Pro News, "Storm Botnet Driving PDF Spam", July 13, 2007.

[edit] External links