Russian hacker admits to helping infect thousands of servers – including in MN

Get ready to learn about Ebury malware, and how it was used to get millions of dollars.

A Russian hacker says he helped create a collection of thousands of infected computer servers – including some in Minnesota – as part of a scheme to make millions of dollars off ad clicks.

Maxim Senakh pleaded guilty Tuesday to federal computer fraud charges, the Department of Justice announced. He'd been indicted back in January of 2015 and was arrested by Finnish authorities (something Moscow was not happy about). He was extradited to the U.S. to face charges a year later.

So what was the 41-year-old Velikii Novgorod native accused of doing?

According to the indictment against him:

Senakh and his fellow hackers (who are not named) installed malware called Ebury on servers across the U.S. It started with a server in Minneapolis in August of 2013, then one in Duluth, before spreading further.

This Ebury malware could then steal log-in credentials for the servers – allowing hackers like Senakh to take control without anyone knowing.

One controlled server is called a bot. A network of these controlled servers or computers is called a botnet – which is why authorities referred to this as a "global botnet conspiracy."

What did they do with this botnet?

Well, when someone browsing the internet was supposed to go to a website that's hosted on one of these servers, the Ebury malware would instead redirect them to an advertiser's website. So for example, some people who tried to visit myphotohome.com got pushed to an ad site.

That visit would be seen as the internet user clicking the ad, and unwitting advertisers would then pay Senakh for each of those clicks (which is a common form of legitimate advertising, referred to as "pay-per-click" – it's usually not a Russian hacker faking clicks to get more money).

Senakh and co. also sent hundreds of thousands of spam emails out, and when someone clicked on a link within the message, the Ebury-infected servers again rerouted them to one of the advertiser sites.

In all, Senakh and his group collected millions of dollars from the scheme.

Senakh's guilty plea included admitting to profiting from the scheme, and also his role "creating accounts with domain registrars" to build out the botnet. He'll be sentenced in August.

Pay-per-click fraud is listed by Sophos as one of the methods hackers use to make money through malware.

CERT-Bund, the federal computer emergency response team for Germany, says Ebury targets Linux and Unix-style operating systems (so not Windows or OSX). The group says in 2013, computers in more than 60 countries were identified as having been infected with the malware.
