Tuesday, April 12, 2011

FBI Acts Against Coreflood Botnet

The U.S. Department of Justice and FBI took action to disrupt the Coreflood botnet, which is believed to have infected some 2 million Windows PCs with keylogging software and other malware.

Specific actions include:

  • The U.S. Attorney's Office for the District of Connecticut has filed a civil complaint against 13 unnamed perpetrators engaged in wire fraud, bank fraud, and illegal interception of electronic communications.

  • Search warrants were obtained for computer servers throughout the country, and a seizure warrant was obtained in U.S. District Court for the District of Connecticut for 29 domain names. Five command and control servers that remotely controlled hundreds of thousands of infected computers were seized, as were 29 domain names used by the Coreflood botnet to communicate with the C & C servers.

  • Investigators obtained a temporary restraining order (TRO), authorizing the government to respond to signals sent from infected computers in the United States in order to stop the Coreflood software from running, thereby preventing further harm to hundreds of thousands of unsuspecting users of infected computers in the United States.

Microsoft announced the addition of Win32/Afcore (Coreflood) malware detection in its Malicious Software Removal Tool to help minimize the malware's future impact. Microsoft also created a website to provide information and tools to help people get rid of botnet malware in order to regain control of their computers.

"Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," said Shawn Henry, Executive Assistant Director of the FBI's Criminal, Cyber, Response and Services Branch. "These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure."http://newhaven.fbi.gov/dojpressrel/pressrel11/nh041311.htmhttp://www.microsoft.com

See also