On Tuesday, Google disclosed it recently disrupted a massive network of computers infected by Glupteba. The company estimates the malware has infected approximately one million Windows PCs globally, which would make it one of the largest known botnets to date.
A botnet is a network of computers or internet-connected devices all infected by malware that is under the control of a single party. In this case, Google traced Glupteba to at least two individuals based out of Russia. The company is suing them in hopes it will “set a precedent, create legal and liability risks for the botnet operators, and help deter future activity.”
At times, the company says it saw the network grow by about 1,000 devices per day. The malware that adds a computer to the Glupteba botnet is usually found hidden on sketchy websites that offer free software. According to Google, Glupteba’s operators used the malware to steal personal data, mine cryptocurrencies and funnel other internet traffic through the infected machines.
Per The Washington Post, the hackers also used some of Google’s own services to distribute the malware. The company suspended more than 1,000 accounts that had been used to spread Glupteba.
“We don’t just plug security holes, we work to eliminate entire classes of threats for consumers and businesses whose work depends on the Internet,” the company said. “We have teams of analysts and security experts who are dedicated to identifying and stopping issues like DDoS, phishing campaigns, zero-day vulnerabilities, and hacking against Google, our products, and our users.”
Google coordinated with internet infrastructure providers to disrupt the botnet, but warns it has so far only succeeded in stopping it temporarily. Glupteba uses blockchain technology as a failsafe against a complete shutdown. When it doesn’t hear from its owners, the software is programmed to automatically use data encoded on the Bitcoin blockchain for instructions on how to reconnect.
“Unfortunately, Glupteba’s use of blockchain technology as a resiliency mechanism is notable here and is becoming a more common practice among cyber crime organizations,” Google said. “The decentralized nature of blockchain allows the botnet to recover more quickly from disruptions, making them that much harder to shut down.” The company says it’s working with its partners to make the internet more resilient to such attacks.