Google has sued two Russian citizens, Dmitry Starovikov and Alexander Filippov, over the operation of the Glupteba botnet. We’ve examined the complaint and found that the scheme involves dont.farm, Extracard.net, AWMProxy.net, and other services.
Here’s a link to the civil complaint: https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/1_Complaint.pdf
The essence of the scheme is that the botnet’s creators infected Windows computers by deceptive means. Once the computers were infected, the botnet’s owners opportunistically exploited the users’ data. Among other uses, such as cryptocurrency mining and selling bank card data, the creators of the botnet provided services for marketing specialists and publishers.
The key points of the complaint are as follows:
- Dont.farm provided users access to Google and other social accounts from infected computers.
- The Extracard.net service provided bank cards to be linked to ad accounts. Google failed to charge these cards.
- The owner of QIP.ru named in the complaint claims responsibility for creating and operating Extracard.net.
- AWMProxy.net rented out IPs of devices infected with Glupteba malware.
- Trafspin.com, an advertising network that was later renamed Push.farm (Google’s assumption based on identical points), was involved as well.