DoJ, FBI disable massive Coreflood botnet

Share this article:
The U.S. Department of Justice (DoJ) has filed a civil complaint against 13 "John Doe" defendants as part of an effort to disable a massive fraud operation involving the decade-old Coreflood botnet, the agency announced Wednesday.

In what it called the most “complete and comprehensive” actions ever taken to dismantle an international botnet, the department, in conjunction with the FBI, also seized five command-and-control (C&C) servers used to remotely manage hundreds of thousands of infected computers.

In addition, authorities took control of 29 domain names used by the Coreflood botnet to communicate with these C&C servers, effectively disabling the enormous network of compromised machines, prosecutors said.

According to court documents, Coreflood is a type of malware that records keystrokes and steals usernames, passwords and other personal and financial information. It is used to pilfer funds from compromised bank accounts and to carry out other crimes.

More than two million computers worldwide are believed to be infected with the Coreflood trojan.

“The seizure of the Coreflood servers and internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes,” David Fein, U.S. attorney for Connecticut, said in a statement. 

The defendants referenced in the civil complaint allegedly engaged in wire fraud, bank fraud and illegal interception of electronic communications as part of the scheme.

To disable the botnet and minimize its impact, federal authorities obtained a temporary restraining order to replace the illegal C&C servers with substitute servers, prosecutors said.

The restraining order also authorizes law enforcement to temporarily stop the malware from running on currently infected computers, giving anti-virus makers time to update their signatures and removal tools so the latest version of the trojan permanently can be eradicated from infected computers.

Authorities will work with internet service providers to notify victims that they have the malware running on their machines.

“At no time will law enforcement authorities access any information that may be stored on an infected computer,” the department said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.