Google recently disrupted the malware activities of a sophisticated botnet, Glupteba. The search engine giant claimed the Glupteba botnet has been targeting Windows systems while protecting itself using blockchain technology. Google disrupted Glupteba’s key command and control infrastructure to dissolve its operations completely.
“Botnets are a real threat to Internet users and require the efforts of industry and law enforcement to deter them. As part of our ongoing work to protect people who use Google services via Windows and other IoT devices, our Threat Analysis Group took steps to detect and track Glupteba’s malicious activity over time. Our research and understanding of this botnet’s operations put us in a unique position to disrupt it and safeguard Internet users around the world,” Google said.
Glupteba Botnet in Brief
A botnet is a set of Internet-connected devices that carry out malicious commands under the remote control of an attacker. Threat actors often use botnets to compromise a targeted network, deploy malware, and launch Distributed Denial-of-Service (DDoS) attacks.
Google stated that Glupteba can steal users’ credentials and data, mine cryptocurrencies on infected hosts, and set up proxies to funnel other people’s internet traffic through infected machines and routers. The botnet currently involves approximately one million compromised Windows devices worldwide and is expected to grow at a rate of thousands of new devices per day.
Legal Action Against Glupteba
While the operators behind the Glupteba botnet are unknown, Google suspects that Russian cybercriminals are involved in the campaign. Google took legal action against Glupteba for infiltrating more than a million computers and other devices worldwide, including the theft and unauthorized use of Google users’ login and account information. Reports suggest that threat actors could leverage the Glupteba botnet to launch ransomware or DDoS attacks.
“Our litigation was filed against the operators of the botnet, who we believe are based in Russia. We filed the action in the Southern District of New York for computer fraud and abuse, trademark infringement, and other claims. We also filed a temporary restraining order to bolster our technical disruption effort. If successful, this action will create real legal liability for the operators,” Google added.