Google takes down Russian-based Glupteba botnet

Google announced that it disrupted the command-and-control infrastructure of Russia-based Glupteba, a blockchain-backed botnet targeting Windows machines.

Google’s Veep of security Royal Hansen and general counsel Halimah DeLaine Prado wrote a blog post on Tuesday detailing how the company’s Threat Analysis Group tracked Glupteba for months before taking action on both the technical and legal fronts.

Google filed a lawsuit against the blockchain-enabled botnet (this litigation is the first of its kind), hoping to create legal liability for the botnet operators that would deter future cybercriminals.

A temporary blow

The search giant’s Threat Analysis team thinks that Glupteba possibly involves one million compromised Windows devices across the globe. At times, the team observed it growing at a rate of thousands of new devices per day.

Glupteba is known to steal users’ credentials and data, mine cryptocurrencies using infected hosts, and set up proxies that funnel other people’s traffic through infected routers and machines.

Google noted that while it was able to disrupt key Glupteba command-and-control infrastructure, the action may have only a temporary effect, since the group has a sophisticated architecture that has recently been upgraded to conduct more criminal activity.

Making life harder for hackers

Google believes that the legal action taken will make it harder for the group to take advantage of other devices. The lawsuit names Dmitry Starovikov and Alexander Filippov, while other involved actors remain unknown.

The lawsuit was filed in the Southern District of New York. The named duo is being sued for computer fraud and abuse, trademark infringement, and more.

Google also filed a temporary restraining order in an attempt to create real legal liability for the operators. The botnet may not get taken all the way down (being blockchain-backed and all), but these actions could set a precedent for how to deal with cybercriminals of this kind in the future.