Google Wins Lawsuit against Glupteba Botnet Operators

At the end of last year, Google sued the Russians Dmitry Starovikov and Alexander Filippov, who were accused in creating and operating the Glupteba botnet.

Let me remind you that we also wrote that Google Blocked a DDoS Attack with a Capacity of 46 million Requests per Second.

The Glupteba botnet was first documented in an ESET report back in 2011, and in 2021 it was considered one of the oldest botnets in the world that attacked users in the US, India, Brazil, and the Southeast Asia.

Glupteba only attacked Windows-based systems and relied on cracked or pirated software, as well as pay-per-install schemes for distribution. Having penetrated the device, the malware loaded various modules that could perform specialized tasks.

On compromised machines, Glupteba stole credentials and cookies, mined cryptocurrency, and deployed and operated proxy components targeting Windows systems and IoT devices.

One of the most notorious botnet modules was capable of spreading infection from a Windows computer to MikroTik routers found on internal networks. This particular module is believed to have been used in early 2021 to build the Mēris botnet responsible for some of the largest DDoS attacks.

In December 2021, Google reported removing about 63 million files from Google Docs that Glupteba operators used to distribute their malware, as well as 1,183 Google accounts, 908 cloud projects, and 870 Google Ads accounts that hackers also used to host various parts of their botnet.

It was also highlighted that Google is working with several hosters and internet infrastructure companies (such as Cloudflare) to consider shutting down Glupteba’s command and control servers.

At the time, the company said that even if these actions could not completely stop the botnet, they could prevent its operators from conducting future operations.

Last December, in addition to creating technical problems for Glupteba to operation, Google experts said they were able to identify two Russian citizens who are associated with some deactivated domains and accounts.

In court documents, Google named Dmitry Starovikov and Alexander Filippov as the creators and operators of Glupteba, and 15 other unknown persons as their accomplices. According to the company, they operated several websites where they advertised the capabilities of their botnet. For example, dont.farm, where they sold access to hacked Google and Facebook advertising accounts. It is believed that the hackers obtained the credentials for these accounts through their botnet and later sold the access to other attackers.

As a result, Google filed a lawsuit against the Russians. As part of its lawsuit, Google sought damages, an injunction against the suspects preventing them from interacting with any Google services, and a ruling that Glupteba’s creators violated a number of US laws: the Racketeer Influenced and Corrupt Organizations Act (RICO), the Computer Fraud Act and abuse, the Electronic Communications Privacy Act, the Lanham Act (Federal Trademark Act of 1946), and engaged in improper business interference to obtain illicit enrichment.

This week, the Southern District of New York court ruled in absentia in favour of Google and imposed monetary sanctions on the defendants, as Security Week now reports. In particular, they were ordered to pay Google’s legal costs, which rarely happens.

In addition, during the proceedings, Starovikov and Filippov were repeatedly accused of misleading the court and conducting court cases in bad faith. For example, at first it seemed that they were ready to cooperate, but later the court suspected that the defendants had their own ulterior motives.

Thus, Judge Denise Cote stated that the defendants did not intend to defend themselves against Google in court, but instead planned to abuse the judicial system and disclosure rules in order to obtain information that would help them circumvent Google’s measures to shut down the botnet.

At one point, the defendants even offered the company a settlement agreement under which Google was to pay each of them $1 million and not report them to law enforcement. In exchange, Starovikov and Filippov intended to provide information about bitcoin addresses associated with the botnet, and also had to promise that they would not become involved in any criminal activity in the future. Google rejected this “extortionate offer” and reported it to law enforcement.

As a result, the court says: