Google has revealed that it has taken action to disrupt a botnet called Glupteba, which targets Windows systems and, among other things, mines cryptocurrencies on infected systems. The search giant said it is working with industry to take technical action so that the Glupteba operators lose control of their network, and that it is taking legal action against those it suspects of running the botnet.
According to Google, the Glupteba botnet is made up of around one million Windows devices around the world and, on a good day, can spread to thousands of new devices. Once it has found itself a new home, the malware gets to work stealing user credentials, mining cryptocurrencies, and setting up proxies to send people’s internet traffic through the infected machines and related routers.
To fight the botnet, Google is working with industry partners and has managed to disrupt some of the ‘key command and control infrastructure’. These actions mean that the operators have lost control of their botnet, but Google believes they could regain access later on.
To have a more lasting impact, Google has taken legal action against the apparent organisers in the Southern District of New York. The legal action is being taken on the basis of computer fraud and abuse, trademark infringement, and other claims. Google has also filed for a temporary restraining order to hinder the bad actors while legal proceedings take place.
Google acknowledged that Glupteba’s use of blockchain technology makes it much more resilient than other botnets. It hopes this action will help the industry and governments tackle similar botnets in the future.