Glupteba and its PC Zombies: Google deals a fatal blow to the botnet
Glupteba can easily be considered a legend in its field, since it is a botnet that has been around for over 10 years. Remember that a botnet is a kind of horde of "zombie PCs" linked together that work in concert to generate income and infect other victims. Glupteba is also the name of the Trojan horse (trojan) behind the first infection … in 2011.
The most surprising thing is that it continues to do damage. It hides in different forms, especially in installable programs, advertisements or video files. Once installed, it can wreak havoc on your computer. Theft of passwords, browser history or cookies is among the potential harms, as is hijacking of your webcam or microphone. Victims can find themselves subscribed without warning to expensive programs, or simply have their bank cards used to make online purchases. It can even mine cryptocurrency on infected hosts, but what works well for Glupteba is reselling virtual machines stuffed with stolen Facebook or Google accounts. These accounts are then used to promote fraudulent advertising and lay traps for even more users.
Good news for general security: Glupteba has reportedly been severely disrupted today.
For example, per Google, this is a website where the Glupteba gang sells access to compromised Google and Facebook advertising accounts pic.twitter.com/Og92XsqXVI
– Catalin Cimpanu (@campuscodi) December 7, 2021
The Bot in touch?
Google's cybercrime experts have announced that they have taken action to counter and eradicate Glupteba. The first reports from this bot hunt are rather encouraging as to the gradual disappearance of the malware. At present, Google has reportedly succeeded in rendering the network of infected devices inoperative, with the consequence that the hackers no longer have access to it. The disruption is said to affect around a million machines running Windows. In its large-scale clean-up of the Glupteba network, Google erased nearly 63 million documents hosted on Google Docs, as well as more than 1,100 Google profiles that were used to propagate the botnet on the web. The clean-up also involved 908 cloud projects, as well as 870 Google Ads accounts that distributed the malware.
However, caution is required: a response from the cybercriminals is expected, as Google's statement acknowledges:
Glupteba operators will certainly try to regain control over the botnet through safeguards and control mechanisms.
Glupteba is not a program like the others, since it uses the blockchain to function.
The world on the rebound?
The creators of the malware have indeed developed a backup mechanism that uses a technology that has been getting a lot of attention lately: the Bitcoin blockchain! This allows the botnet to rebound very quickly in the event of interruptions, which makes it hard to stop permanently. However, this difficulty does not seem to discourage the experts at Google, who are determined to put an end to the spread of Glupteba:
We are working closely with industry and government to combat this type of behavior, so that even if Glupteba returns, the internet will be better protected against it.
To that end, the American firm has already launched legal action against Dmitry Starovikov and Alexander Filippov, two Russian cybercriminals who are said to be the main instigators of this large-scale fraud. It is the first such action against a botnet using the blockchain.