Russian hacker admits to helping infect thousands of servers – including in MN

Get ready to learn about Ebury malware, and how it was used to get millions of dollars.

A Russian hacker says he helped create a collection of thousands of infected computer servers – including some in Minnesota – as part of a scheme to make millions of dollars off ad clicks.

Maxim Senakh pleaded guilty Tuesday to federal computer fraud charges, the Department of Justice announced. He'd been indicted back in January of 2015 and was arrested by Finnish authorities (something Moscow was not happy about). He was extradited to the U.S. to face charges a year later.

So what was the 41-year-old Velikii Novgorod native accused of doing?

According to the indictment against him:

Senakh and his fellow hackers (who are not named) installed malware called Ebury on servers across the U.S. It started with a server in Minneapolis in August of 2013, then one in Duluth, before spreading further.

This Ebury malware could then steal log-in credentials for the servers – allowing hackers like Senakh to take control without anyone knowing.

One controlled server is called a bot. A network of these controlled servers or computers is called a botnet – which is why authorities referred to this as a "global botnet conspiracy."

What did they do with this botnet?

Well, when someone browsing the internet tried to visit a website hosted on one of these servers, the Ebury malware would instead redirect them to an advertiser's website. So for example, some people who tried to visit myphotohome.com got pushed to an ad site.

That visit would be seen as the internet user clicking the ad, and unwitting advertisers would then pay Senakh for each of those clicks (which is a common form of legitimate advertising, referred to as "pay-per-click" – it's usually not a Russian hacker faking clicks to get more money).

Senakh and co. also sent hundreds of thousands of spam emails out, and when someone clicked on a link within the message, the Ebury-infected servers again rerouted them to one of the advertiser sites.

In all, Senakh and his group collected millions of dollars from the scheme.

Senakh's guilty plea included admitting to profiting from the scheme, and also his role "creating accounts with domain registrars" to build out the botnet. He'll be sentenced in August.

Pay-per-click fraud is listed by Sophos as one of the methods hackers use to make money through malware.

CERT-Bund, the federal computer emergency response team for Germany, says Ebury targets Linux and Unix-style operating systems (so not Windows or OSX). The group says in 2013, computers in more than 60 countries were identified as having been infected with the malware.
