Maxim Senakh, 41, of Velikii Novgorod, Russia, pleaded guilty in a US federal court on Tuesday for his role in the development and maintenance of the infamous Linux botnet known as Ebury that siphoned millions of dollars from victims worldwide.
Senakh, who was detained by Finland in August 2015 and extradition to the US in January 2016, admitted to installing Ebury malware on computer servers worldwide, including thousands in the United States.
First spotted in 2011, Ebury is an SSH backdoor Trojan for Linux and Unix-style operating systems, like FreeBSD or Solaris, which infected more than 500,000 computers and 25,000 dedicated servers in a worldwide malware campaign called 'Operation Windigo.'
Ebury backdoor gives attackers full shell control of infected machines remotely even if passwords for affected user accounts are changed on a regular basis.
Ebury botnet network of thousands of compromised Linux systems had the capacity of sending over 35 million spam messages and redirecting more than 500,000 Web visitors to exploit kits every day.
According to the US Department of Justice, Senakh, along with the criminal organization, used Ebury to create and operate a botnet that would "generate and redirect internet traffic in furtherance of various click-fraud and spam e-mail schemes, which fraudulently generated millions of dollars in revenue."
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
Senakh also admitted to personally profiting from the Ebury botnet. He is scheduled to be sentenced on 3rd August 2017, after pleading guilty to a conspiracy to violate the Computer Fraud and Abuse Act.
Senakh faces up to a combined 30 years in prison.
Ebury first came into the news in 2011 after Donald Ryan Austin, 27, of El Portal, Florida, installed Ebury on multiple servers owned by kernel.org and the Linux Foundation, which is used to maintain and distribute the Linux operating system kernel.
Austin, with no connection to the Ebury criminal organization, was arrested last year in September and charged with four counts of "intentional transmission causing damage to a protected computer."