Fraudster that generated millions of dollars via Ebury botnet pleads guilty

Next story

Today,  three years after ESET published its investigation of the Operation Windigo behind Linux/Ebury, the key actor –  Russian citizen Maxim Senakh  – pleaded guilty to conspiracy to violate the Computer Fraud and Abuse Act and to commit wire fraud before U.S. District Judge Patrick J. Schlitz of the District of Minnesota.

ESET researchers helped the Federal Bureau of Investigation lead the investigation by providing technical expertise in identifying affiliate networks used by the Ebury gang, sharing sinkhole data to identify victims and produced a thorough technical report of the groups’ activity. Senakh was indicted on January 13, 2016 following his arrest and extradition from Finland.

As analysed by ESET in the Operation Windigo report, cybercriminals behind this operation were able to infect and exploit over 25-thousand Linux servers globally in order to generate more than 35 million of spam messages daily in order to gather millions of dollars in fraudulent payments.

According to admissions made in connection with the plea agreement, Linux/Ebury harvested log-on credentials from infected computer servers, allowing Senakh and his co-conspirators to create and operate a botnet comprising tens of thousands of infected servers throughout the world.

Senakh and his co-conspirators used the Ebury botnet to generate and redirect internet traffic in furtherance of various click-fraud and spam e-mail schemes. Senakh supported the criminal enterprise by helping to operate the Ebury botnet infrastructure and personally profited from traffic generated by this botnet.  

As with many cybercrime investigations, this case involved multiple entities, including the FBI Minneapolis Field Office, the Department of Justice’s Computer Crime and Intellectual Property Section, the U.S. Attorney for the District of Minnesota, the government of Finland, the Bundeskriminalamt (BKA), CERT-Bund, and the Office of International Affairs in Department of Justice’s Criminal Division.

In the past years, ESET has witnessed an increase in the volume and sophistication of APT's targeting critical infrastructure systems. Last year's discovery of BlackEnergy highlighted cyber criminals pursuit to create malware designed to cause considerable damage.

Server-side Linux malware is damageable to the Internet and all of its users. It is often overlooked due to a lack of telemetry. The Linux/Ebury malware does not interrupt the affected server’s legitimate activity, therefore running a stable server security solution is always a good preventative step. 

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit or follow us on LinkedInFacebook and Twitter.


Anna Keeve

ESET North America



ESET Smart Security Premium box


ESET Smart Security Premium


ESET Internet Security


ESET NOD32 Antivirus

Small and Home  office protection

Easy-to-use device security with advanced privacy features

ESET Mobile Security for Android

Keep your Android device safe. Wherever you go

ESET Parental Control for Android

Protect your children online with confidence

ESET Smart TV Security box

ESET Smart TV Security

Internet of Things security starts with your TV

Renew my license

Renew, upgrade or add devices to your license


Manage your license, update date and more


Install your protection or try ESET free for 30 days


Install your business protection or request a free trail


Superior technology

Learn more about our unified cybersecurity platform

Industry recognition

ESET cybersecurity solutions are recognized and industry-wide.

Corporate blog

Cybersecurity news from ESET's award-winning researches.

Customer zone


Manage your license, update billing information and more

Live chat

Need help purchasing, renewing a license or have product questions?

Business sales

for business customers

For business sales call: