Blockchain-based Glupteba Botnet

Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week.

The U.S. District Court for the Southern District of New York imposed monetary sanctions against the defendants and their U.S.-based legal counsel. The defendants have also been asked to pay Google's attorney fees. The defendants' move to press sanctions against Google was denied.

The development comes nearly a year after the tech giant took down the malware's command-and-control infrastructure and initiated legal proceedings against Dmitry Starovikov and Alexander Filippov, who are said to have been in charge of running the illegal botnet.


The defendants, along with 15 others, have also been accused of using the malware to create a hacked network of devices to mine cryptocurrencies, harvest victims' personal and financial data, and place disruptive ads.

Glupteba is distinguished from its botnet counterparts by its use of cryptocurrency blockchains as a command-and-control mechanism to withstand disruption. Per Google, the botnet infected more than one million Windows computers worldwide.

"The Glupteba malware [...] instructs infected computers to look for the addresses of its C2 servers by referencing transactions associated with specific accounts on the Bitcoin blockchain," the court order reads.

Starovikov and Filippov, who claim to have worked for a company called Valtron LLC as software engineers, have been charged with attempting to wilfully mislead the court, while also acting with an intent to deprive Google of discoverable information.


A settlement demand made on September 8 shows that the actors asked Google for $1 million each, in addition to $110,000 in attorney's fees, in exchange for providing the private keys for Bitcoin addresses associated with the Glupteba botnet.

The Mountain View-based company, however, rejected the offer, calling it "extortionate," and reported it to law enforcement.

But in a contradictory statement a week later, on September 15, the defendants walked back their earlier stance, asserting that "they had no such information in their possession, and that the Bitcoin accounts were owned by Valtron's CEO."

"It is now clear that the defendants appeared in this Court not to proceed in good faith to defend against Google's claims but with the intent to abuse the court system and discovery rules to reap a profit from Google," District Judge Denise L. Cote said.
