A Russian national has pleaded guilty to charges related to a botnet scheme that siphoned millions of dollars from victims worldwide.
On Tuesday, the US Department of Justice (DoJ) said that Maxim Senakh, from Velikii Novgorod, Russia, admitted to participating in what prosecutors call a “criminal enterprise that installed and exploited malicious computer software on tens of thousands of computer servers throughout the world.”
The malware, known as Ebury, harvested OpenSSH login credentials from the computers and servers it infected. These stolen details were then used to build the Ebury botnet, a network of ‘slave’ computers and servers which all accepted instructions from Senakh and his co-conspirators through a command and control (C&C) server.
The botnet was used to generate and redirect traffic for click-fraud and spam email campaigns, which generated millions of dollars in revenue.
As part of a plea agreement, the 41-year-old also admitted to creating accounts with domain registrars to extend the botnet’s capabilities.
Linux-based Ebury was first spotted in 2011. The malware has been called a “sophisticated backdoor” by security researchers as it uses a variety of techniques not only to steal credentials but also to maintain access to compromised servers.
Ebury logs and sends every credential, IP address and OpenSSH listening port to its operators, alongside the passwords used in unsuccessful attempts to access vulnerable servers, private key passphrases, and unencrypted private keys.
The infection is serious enough that researchers recommend the full server OS be reinstalled at any sign of infection.
Senakh pleaded guilty in a Minnesota court, before US District Judge Patrick Schiltz, to conspiring to violate the Computer Fraud and Abuse Act and to conspiracy to commit wire fraud.
The Russian national was indicted on January 13, 2015, and was later arrested by Finnish law enforcement before being extradited to the United States.
He will be sentenced on August 3, when he could face a combined maximum of 30 years in prison.
Last year, researchers from White Ops discovered a Russian botnet operation which is raking in between $3 million and $5 million per day from US companies. Known as Methbot, the scheme specializes in using slave PCs to watch lucrative video-based ads to generate fraudulent revenue.