Three years ago, ESET published a report on Operation Windigo, a malicious campaign that compromised tens of thousands of Linux and UNIX servers. This week, one of the suspected attackers, Maxim Senakh of Veliky Novgorod, pleaded guilty in a US court to violating the Computer Fraud and Abuse Act (CFAA).
The Windigo group's Linux/Ebury malware infected more than 25,000 Linux servers around the world. The compromised infrastructure made it possible to send over 35 million spam messages per day, which earned the botnet operators millions of dollars.
ESET specialists took part in an investigation initiated by the FBI. They identified the botnet's affiliate networks, analyzed data from the servers used to carry out the attacks in order to identify victims, and prepared a detailed technical report.
On January 13, 2015, Maxim Senakh was charged in absentia; he was subsequently arrested in Finland and extradited to the United States. Senakh has now pleaded guilty to distributing the Linux/Ebury malware.
According to the investigation, Senakh and his accomplices harvested authentication credentials from servers infected with Linux/Ebury. They built a botnet from tens of thousands of compromised servers to generate and redirect web traffic in various fraudulent schemes involving click fraud and spam. Maxim Senakh personally took part in the criminal activity, maintained the botnet's infrastructure and profited from the traffic it generated.
In addition to ESET, several organizations participated in the investigation, including the FBI's Minneapolis field office, the Computer Crime and Intellectual Property Section of the US Department of Justice, the Government of Finland, Germany's Federal Criminal Police Office (BKA), CERT-Bund, and others.
In recent years, ESET has noted an increase in the volume and sophistication of APT attacks aimed at critical infrastructure. In 2016, attacks using BlackEnergy illustrated the trend toward malware built for cyber sabotage.
Malicious programs targeting Linux servers are relatively difficult to detect. Linux/Ebury was often overlooked because it does not disrupt the operation of the server: it hides inside the SSH components administrators already trust and steals credentials quietly rather than crashing services or consuming noticeable resources. To prevent infections, we recommend using a reliable server security solution.
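Because the malware shows no visible malfunction, a quick sanity check on a Linux host has to look for an indicator rather than for symptoms. The script below is an added example, not code from the original article and not an ESET tool; it checks one indicator ESET published for Linux/Ebury in the Windigo report, a large System V shared memory segment created with mode 666. The 3 MB threshold, the `ipcs -m` column layout and the function name are my assumptions; a hit is grounds for a forensic look, not proof of infection.

```shell
#!/bin/sh
# Added example (not from the original article or from ESET). Checks `ipcs -m`
# output for one Linux/Ebury indicator ESET published: a world-readable/writable
# (mode 666) shared memory segment of roughly 3 MB or more. Threshold and the
# assumed Linux `ipcs -m` column order (key shmid owner perms bytes nattch
# status) are assumptions made for this example.

# suspicious_shm: read `ipcs -m` output on stdin, print every segment that
# matches the indicator, return 0 if at least one matched and 1 otherwise.
suspicious_shm() {
    awk '
        # Only process data rows, i.e. rows whose shmid column is numeric;
        # this skips the banner and the header line that ipcs prints.
        $2 ~ /^[0-9]+$/ {
            perms = $4
            bytes = $5 + 0
            if (perms == "666" && bytes >= 3000000) {
                printf "suspicious: shmid=%s owner=%s perms=%s bytes=%d\n", \
                       $2, $3, perms, bytes
                found = 1
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# Live check on the current host (only runs when executed directly).
if [ "${0##*/}" = "ebury_shm_check.sh" ]; then
    if ipcs -m | suspicious_shm; then
        echo "Large mode-666 shared memory segment found: investigate this host."
        exit 2
    else
        echo "No matching shared memory segment found."
    fi
fi
```

Run it as `ipcs -m | suspicious_shm` on the host in question. The other check from the same ESET report, running `ssh -G` and treating the absence of an "illegal option" error as a sign of a trojaned ssh binary, no longer works on its own: OpenSSH 6.8 and later accept `-G` as a legitimate option, so that test must be paired with a version check or with package integrity verification of the sshd and libkeyutils files.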