Maxim Senach, a 41-year-old Russian man and resident of Great Novgorod, was arrested in Finland in 2015. In January 2016 he was extradited to the United States. The U.S. Department of Justice now reports that Senach has pleaded guilty, confirming that he took part in developing the Ebury malware and controlled the well-known botnet.
The Ebury malware appeared in 2011 and attacked UNIX systems (Linux, FreeBSD, Solaris). It was installed on poorly protected servers and included a rootkit component as well as a backdoor that gave the attackers remote access to the server at any time. Ebury was also used to steal SSH account credentials and private keys, which the attackers then used to infect new servers.
The malware became well known after “Ryan Austin” (unrelated) used it to infect kernel.org servers. It took the administrators months to clear out the infections, as kernel.org is the main distribution channel for the Linux source code.
Servers infected with Ebury were joined into a botnet that cyber criminals used for sending spam, click fraud, and diverting traffic to malicious sites or to sites that paid for “advertising.” In total, Ebury infected more than 500,000 computers and 25,000 servers. The botnet could send out 35,000,000 spam emails daily and divert more than 500,000 people to malicious sites. According to law enforcement agents, the operators of the botnet made millions of dollars.
As stated above, Senach pleaded guilty to all charges and now faces 30 years in prison. The verdict will be announced on 3 August 2017.