Score one for the good guys this week as the FBI and US Department of Justice unleashed a powerful and quick takedown of the “Coreflood” botnet.
Coreflood was a massive international network of more than two million infected computers. The Coreflood botnet was used to empty bank accounts, score sensitive corporate data and steal untold financial data.
This is a huge victory, as this particular botnet has been in operation for 10 years. This is not just a simple computer virus infection we’re talking about here. This was a systematic capture and drain scheme used to wire-transfer money from your account to their account. Attorneys, contractors, small business owners and individuals were all victims of these thieves.
The Coreflood name comes from the well-known trojan used by these blood suckers to form the bot-network of infected computers. This Zombie Army, with 29 domain names and 5 command and control servers, was slammed to a halt by a fast-acting US Attorney’s Office in Connecticut.
The physical seizure of five servers and the accompanying complaints filed on 12 John Does mark the end of a 10-year crime empire. It’s believed that while the servers and zombies are located here in the US, the real brains of the group are located in Russia. This is the same situation as was noted last month with Microsoft’s takedown of the long-hunted Rustock botnet.
In addition to the search warrants issued for the seizure and the criminal complaints that were filed, the US Department of Justice was able to obtain a temporary restraining order allowing it to respond to infected computers within the US and effectively stop them from running. This combination of legal and technical strategies represented a new and innovative approach to rescue the hijacked PCs and crush the server control centers.
According to Assistant Attorney General Lanny A. Breuer of the Criminal Division of the Department of Justice, this innovative and effective approach will continue. “Law enforcement will continue to use innovative and responsible actions in our fight against cyber criminals and at the same time, we urge consumers to ensure they are continually taking prudent measures to guard against harm, including routinely updating anti-virus security protection.”
This is a big victory, but don’t think for a minute that Coreflood is completely erased from the Internet. With this monster’s brains located outside of the U.S., you can bet that reconstruction and morphing are already under way. To do your part and preserve your credit cards, savings and checking, be sure you are protected with a good, solid real-time antivirus. Make certain it is updated regularly and frequently. In addition, keep your firewall on and use a router.