Security Bytes

Apr 13 2011   11:11PM GMT

DOJ and FBI shut down massive Coreflood botnet

Marcia Savage

The U.S. Department of Justice and FBI said they disabled a massive, international botnet that snatched user names, passwords and financial information used by criminals to steal money.

The Coreflood botnet is believed to have operated for nearly a decade and to have infected more than two million computers worldwide, they said.

In the action announced Wednesday, federal authorities seized five command-and-control servers and 29 domain names used by the botnet. The government also filed a civil complaint against 13 “John Doe” defendants, alleging wire fraud, bank fraud and illegal interception of electronic communications. In addition, the U.S. obtained a temporary restraining order that authorizes it to replace the C&C servers with substitute servers to prevent further infection to the compromised computers.

“These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure,” Shawn Henry, executive assistant director of the FBI’s Criminal, Cyber, Response and Services branch, said in a prepared statement.

“It appears the cybercriminals behind Coreflood were able to turn the botnet into a money-making machine. It is hard to estimate the actual loot, but the criminals likely made tens of millions of dollars, based on the estimates in the complaint filed by the Department of Justice,” Dave Marcus, McAfee Labs research and communications director, said in an email. “It is not outside of the realm of possibility that they netted more than US$100 million. The attackers were collecting personal information including bank account details over a period of time.”

While the U.S. action completely disables the existing Coreflood botnet, it doesn’t stop criminals from trying to build another botnet using a different version of the Coreflood malware, authorities warned.
