Recent News - Fraudster Behind the Million Dollar Operation Windigo Malware Pleads Guilty


Yesterday, three years after ESET published its investigation of Operation Windigo and the actors behind the Linux/Ebury campaign, one of the co-conspirators – Maxim Senahk, pleaded guilty to conspiracy to violate the Computer Fraud and Abuse Act and to commit wire fraud before U.S. District Judge Patrick J. Schlitz of the District of Minnesota.

ESET researchers helped the Federal Bureau of Investigation lead the investigation by providing technical expertise in identifying affiliate networks used by the Ebury gang, sharing sinkhole data to identify victims and produced a thorough technical report of the groups’ activity. Senakh was indicted on January 13, 2016 following his arrest and extradition from Finland. 

As analysed by ESET in the Operation Windigo report, cybercriminals behind this operation were able to infect and exploit over 25-thousand Linux servers globally in order to generate more than 35 million of spam messages daily in order to gather millions of dollars in fraudulent payments.

According to admissions made in connection with the plea agreement, Linux/Ebury harvested log-on credentials from infected computer servers, allowing Senakh and his co-conspirators to create and operate a botnet comprising tens of thousands of infected servers throughout the world.

Senakh and his co-conspirators used the Ebury botnet to generate and redirect internet traffic in furtherance of various click-fraud and spam e-mail schemes. Senakh supported the criminal enterprise by helping to operate the Ebury botnet infrastructure and personally profited from traffic generated by this botnet.

As with many cybercrime investigations, this case involved multiple entities, including the FBI Minneapolis Field Office, the Department of Justice’s Computer Crime and Intellectual Property Section, the U.S. Attorney for the District of Minnesota, the government of Finland, the Bundeskriminalamt (BKA), CERT-Bund, and the Office of International Affairs in Department of Justice’s Criminal Division.

In the past years, ESET has witnessed an increase in the volume and sophistication of APT's targeting critical infrastructure systems. Last year's discovery of BlackEnergy highlighted cyber criminals pursuit to create malware designed to cause considerable damage. 

Server-side Linux malware is damageable to the Internet and all of its users. It is often overlooked due to a lack of telemetry. The Linux/Ebury malware does not interrupt the affected server’s legitimate activity, therefore running a stable server security solution is always a good preventative step. 


About ESET
ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organisations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.

ESET recently updated its two-factor authentication (2FA) application, adding a secure validation to weak and static user passwords. This updated version of ESET’s 2FA application provides flexibility and deeper integration of 2FA into bespoke applications, making it the best cost-effective solutions for SMBs everywhere.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. For more information visit or follow us on Facebook.


About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. Headquartered in Hong Kong, the Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

For more information, please visit or call (65) 6296-4268.

Previous News Next News

Return to the previous page