Google Aims to Disrupt Botnet Targeting Windows Machines

It's attacking the Glupteba network both directly and through litigation

Google has begun to take action against the Glupteba botnet, which is estimated to have infected roughly one million Windows systems so far.

According to Google, the Glupteba botnet has been targeting Windows machines in order to steal user data and mine cryptocurrency. The network has spread via malware, which is often downloaded and installed from fraudulent download links. The Glupteba operators then sell off the stolen data, which includes credit card information and proxy access that can be used to set up more false links.


Direct action is being taken against the Glupteba botnet by coordinating with companies that provide web infrastructure and hosting. Google and its partners (only Cloudflare has been specified) have been taking down infected servers and putting up warning pages in front of malicious web pages. Google also claims that 130 accounts tied to the botnet have been deleted.

The hope is that this will wrest control of the network away from its operators, but Google believes it will only be a temporary disruption.


To further complicate things for Glupteba’s operators, Google is also filing litigation for fraud, abuse, infringement, and other charges against them. Google’s theory is that the combination of technical and legal pressure will slow the botnet down long enough to build better defenses against it.

As always, exercise caution when following links or downloading software from unfamiliar sources. Google’s Threat Analysis Group has also created a list of associated domains to watch out for.
