A Russian hacker extradited from Finland to face allegations he was behind a global botnet that netted millions of euros in illicit profits has pleaded guilty to computer and wire fraud conspiracy charges in front of a federal judge in Minnesota.
According to a statement from the US Department of Justice, 41-year-old Maxim Senakh admitted being behind the distribution of the Ebury trojan malware, which harvested login credentials from infected devices.
Prosecutors allege this allowed Senakh and his associates to create a huge botnet made up of tens of thousands of infected servers around the globe, including many in the US.
Senakh and his co-conspirators are said to have used the botnet they created to generate and then redirect a huge amount of internet traffic in support of various spam email and click fraud schemes they were running, generating millions of euros in revenue.
In a plea bargain, Senakh confessed to facilitating the enterprise by creating accounts with domain registrars, helping to build the botnet infrastructure.
He also accepted he had personally profited from traffic generated by the Ebury botnet.
Senakh will be sentenced on 3 August, after pleading guilty to a conspiracy to violate the US Computer Fraud and Abuse Act, the Justice Department said.
Finland agreed to extradite Senakh to the US in January last year after he was arrested in August 2014, despite Russia claiming his detention was illegal.
Before Senakh’s extradition was approved, the Russian foreign ministry said it hoped Finland would take its “position into account”, describing his detention as “an abuse of the law in violation of internationally accepted procedural norms”, according to the Reuters news agency.
In a statement, Russia’s foreign ministry said: “We reaffirm our categorical objections to the extradition of Russian citizens to the United States, where they are facing absurd kinds of punishment such as imprisonment for more than 100 years.”
Craig Lisher, a spokesperson for the FBI, said the case was handled in Minnesota after the agency’s cyber investigators found Senakh was targeting the state’s citizens.
The charges Senakh has admitted carry a maximum sentence of up to 10 years behind bars.
The Ebury malware, which first appeared in 2011, targets UNIX-like operating systems such as Linux, and reports every credential, IP address and OpenSSH listening port to its operators, along with passwords used in unsuccessful attempts to access vulnerable servers, private key passphrases and unencrypted private keys.
Ebury contains a rootkit component that enables it to survive reboots, and provides a backdoor that gives criminals remote access to the system.
In its analysis of the malware, anti-virus software firm ESET’s WeLiveSecurity blog advises that any device infected with Ebury should have its operating system reinstalled, and that any compromised passwords and private OpenSSH keys should be changed.