According to Google, the Glupteba botnet has been targeting Windows machines in order to steal user data and mine cryptocurrency. The network has spread via malware, which is often downloaded and installed from fraudulent download links. The Glupteba operators then sell off the stolen data, which includes credit card information and proxy access that can be used to set up more false links. Direct action is being taken against the Glupteba botnet by coordinating with companies that provide web infrastructure and hosting. Google and its partners (only CloudFlare has been specified) have been taking down infected servers and putting up warning pages in front of malicious web pages. Google also claims that 130 accounts tied to the botnet have been deleted. The hope is that this will wrest control of the network away from its operators, but Google believes it will only be a temporary disruption. To further complicate things for Glupteba’s operators, Google is also filing litigation for fraud, abuse, infringement, and other charges against them. Google’s theory is that the combination of technical and legal pressure will slow the botnet down long enough to build better defenses against it. It’s recommended that, as always, you should exercise caution when following links or downloading software from unfamiliar sources. Google’s Threat Analysis Group has also created a list of associated domains to watch out for.
