Earlier this week, Google announced that it had successfully disrupted a botnet infecting more than 1 million Windows users worldwide.
About the disruption
What exactly is a botnet? Well, according to TechTarget:
“A botnet is a collection of internet-connected devices… that are infected and controlled by a common type of malware, often unbeknownst to their owner. Infected devices are controlled remotely by threat actors, often cybercriminals, and are used for specific functions, yet the malicious operations stay hidden from the user.”
This particular botnet, known as Glupteba, appears to be controlled by Russian actors and is one of the longest-running botnets to date. In a blog post detailing its recent efforts to halt the operation, two members of Google's Threat Analysis Group, Shane Huntley and Luca Nagy, described the breadth of Google's latest actions:
“We’ve terminated around 63M Google Docs observed to have distributed Glupteba, 1,183 Google Accounts, 908 Cloud Projects and 870 Google Ads accounts associated with their distribution.”
Google is also coordinating with other web hosting providers and infrastructure companies to take down servers used by Glupteba's operators.
Still a threat
While Google is taking legal action against the Glupteba actors it believes are responsible for infecting users' devices, the botnet is unlikely ever to be fully dismantled. Google's actions have reduced Glupteba's ability to engineer future attacks, but because the botnet uses the Bitcoin blockchain to run a backup command-and-control system, it will still have access to previously infected systems. Regardless, this victory is an encouraging achievement amid an internet plagued by ever-increasing botnet activity.