Google today announced the company has taken action against a sophisticated botnet called Glupteba, which targets Windows devices and defends itself using blockchain. It has also launched litigation it believes will set precedent and create legal liability for botnet operators.
The Glupteba botnet currently involves about 1 million compromised Windows machines around the world, a Google investigation revealed. At times, the botnet grows at a rate of thousands of new devices per day. Glupteba is known for stealing credentials and data, mining cryptocurrency on infected devices, and setting up proxies to funnel other people's Internet traffic through compromised machines and routers, Google reports in a blog post.
"We have now disrupted key command and control infrastructure so those operating Glupteba should no longer have control of their botnet — for now," wrote Royal Hansen, vice president of security, and Halimah DeLaine Prado, general counsel.
Google has pursued litigation against the botnet due to its advanced architecture and recent actions its operators have taken to maintain the botnet and scale its operations. The company believes legal action will make it harder for the organizers to take advantage of potential victims. It's believed Glupteba's operators are based in Russia.
The botnet's use of blockchain technology is notable, Google says, and it's becoming common among cybercriminals. Because blockchain is decentralized, it's easier for Glupteba to quickly recover from disruption and tougher for outside parties to shut it down.
Read Google's full blog post for more details.