Google on Tuesday said it took steps to disrupt the operations of a sophisticated “multi-component” botnet called Glupteba that approximately infected more than one million Windows computers across the globe and stored its command-and-control server addresses on Bitcoin’s blockchain as a resilience mechanism.
As part of the efforts, Google’s Threat Analysis Group (TAG) said it partnered with the CyberCrime Investigation Group over the past year to terminate around 63 million Google Docs that were observed to have distributed the malware, alongside 1,183 Google Accounts, 908 Cloud Projects, and 870 Google Ads accounts that were associated with its distribution.
Google TAG further said it worked with internet infrastructure providers and hosting providers, such as CloudFlare, to dismantle the malware by taking down servers and placing interstitial warning pages in front of the malicious domains.
In tandem, the internet giant also announced a lawsuit against two Russian individuals, Dmitry Starovikov and Alexander Filippov, who are alleged to be responsible for managing the botnet alongside 15 unnamed defendants, calling the enterprise a “modern technological and borderless incarnation of organized crime.”
images from Hacker News