London, UK. Three years after ESET published its investigation of Operation Windigo and the actors behind the Linux/Ebury campaign, one of the co-conspirators – Maxim Senakh, pleaded guilty to conspiracy to violate the Computer Fraud and Abuse Act and to commit wire fraud before U.S. District Judge Patrick J. Schlitz of the District of Minnesota.
ESET researchers helped the Federal Bureau of Investigation lead the investigation by providing technical expertise in identifying affiliate networks used by the Ebury gang, sharing sinkhole data to identify victims and produced a thorough technical report of the groups’ activity. Senakh was indicted on January 13, 2016 following his arrest and extradition from Finland.
As analysed by ESET in the Operation Windigo report, cybercriminals behind this operation were able to infect and exploit over 25-thousand Linux servers globally in order to generate more than 35 million of spam messages daily in order to gather millions of dollars in fraudulent payments.
According to admissions made in connection with the plea agreement, Linux/Ebury harvested log-on credentials from infected computer servers, allowing Senakh and his co-conspirators to create and operate a botnet comprising tens of thousands of infected servers throughout the world.
Senakh and his co-conspirators used the Ebury botnet to generate and redirect internet traffic in furtherance of various click-fraud and spam e-mail schemes. Senakh supported the criminal enterprise by helping to operate the Ebury botnet infrastructure and personally profited from traffic generated by this botnet.
As with many cybercrime investigations, this case involved multiple entities, including the FBI Minneapolis Field Office, the Department of Justice’s Computer Crime and Intellectual Property Section, the U.S. Attorney for the District of Minnesota, the government of Finland, the Bundeskriminalamt (BKA), CERT-Bund, and the Office of International Affairs in Department of Justice’s Criminal Division.