A Russian citizen behind “tens of thousands” of Ebury trojan infections has entered a guilty plea in the US and will face sentencing in August.
The US Department of Justice indicted Maxim Senakh, now 41, in January 2015.
Ebury was a trojan carrying an SSH rootkit and putting backdoors into its targets, which were Linux, FreeBSD, and Solaris systems. Once machines were infected, it used crafted DNS packets to exfiltrate user credentials.
Senakh was charged with using the botnet, which included thousands of machines in America, and the DOJ says the operation reaped “millions of dollars”.
Along with unnamed conspirators, the DOJ statement says, Senakh used the botnets to “generate and redirect internet traffic in furtherance of various click-fraud and spam e-mail schemes”.
Senakh's role was to create accounts with domain registrars to build the botnet infrastructure.
After his January 2015 indictment, Senakh was nabbed in Finland and extradited to the USA, where he was charged in the district of Minnesota. The charges carry as much as ten years in prison.
German's Bund-CERT carries a description of Ebury, from 2014, here.
The trojan was used in Donald Ryan's 2011 attack on servers owned by kernel.org and the Linux Foundation. That attack knocked the servers offline for nearly a month. ®