Google has filed what it claims to be the first ever lawsuit against a blockchain-based botnet, in a bid to ramp-up the pressure on its likely Russian administrators.
Glupteba is comprised of around one million compromised Windows PCs around the world, with thousands of new machines sometimes added in a day, the tech giant said in a blog post. It’s used to steal victims’ credentials and data, mine for cryptocurrency and use proxies to hide the location of attacks.
The Glupteba malware is said to distributed through pay per install (PPI) networks and via traffic purchased from traffic distribution systems (TDS).
In a separate blog, Google explained how it had taken action to disrupt the botnet’s command-and-control infrastructure.
However, the threat actors’ use of blockchain complicates matters, as the decentralized nature of the technology allows them to recover more quickly from shutdowns and disruptions, Google said.
That’s why it has also taken to the courts, whilst working on ways to improve the fight against blockchain-based botnets.
“Due to Glupteba’s sophisticated architecture and the recent actions that its organizers have taken to maintain the botnet, scale its operations, and conduct widespread criminal activity, we have also decided to take legal action against its operators, which we believe will make it harder for them to take advantage of unsuspecting users,” wrote VP of security Royal Hansen, and general counsel, Halimah DeLaine Prado.
“Our litigation was filed against the operators of the botnet, who we believe are based in Russia. We filed the action in the Southern District of New York for computer fraud and abuse, trademark infringement, and other claims. We also filed a temporary restraining order to bolster our technical disruption effort. If successful, this action will create real legal liability for the operators.”
If the botnet herders are indeed based in Russia, it remains to be seen how effective legal action is.
Phil Muncaster UK / EMEA News Reporter, Infosecurity Magazine