DOJ and FBI flex muscles: Takedown of international botnet



04/16/2011




Darren Lanz
Co-Editor


Paul Roberts from Threat Post brings news in the battle against botnets: The Coreflood Trojan botnet takedown.

The U.S. Department of Justice stated Wednesday that it had taken steps to disable an international botnet of over 2 million infected PCs. What makes this botnet significant is that it was stealing corporate data, including user names, passwords and other financial data.

According to a statement from the U.S. Attorney's office for the District of Connecticut, thirteen defendants were charged in a civil complaint. A total of 29 domain names were seized in a raid connected to the malware, code named "coreflood," which ran on infected machines attempting to communicate with the command and control servers.

The "coreflood" malware is believed to have originated in Russia and has been active for ten years, which is staggering and unbelievable in and of itself. The DOJ said it had received a temporary restraining order allowing it to disable the malware.

This crackdown is considered to be one of the largest actions taken by U.S. law enforcement against an international botnet Trojan. In the past year, a similar botnet takedown was driven by the private sector (Microsoft and FireEye).

[Editor's Note: See our prior post: Microsoft Working to Take Down Win32/Rustock Botnet. This crackdown against the "coreflood" malware and command and control servers mirrored the efforts by Dutch authorities that disabled Bredolab botnet back in October.]

According to the U.S. Attorney's office, five command and control servers were halted, along with the 29 domain names that the infected machines used to reach these C&C servers.

The government replaced the C&C servers with substitute servers to prevent Coreflood from causing further injury to the owners and users of infected computers and other third parties. While the infected machines were not disinfected of the malware, of course, the hope is that security software providers will develop tools to remove the coreflood malware and that victims will update their antivirus definitions.
