Feds Go After International Botnet Ring
The U.S. government announced legal actions against the Coreflood botnet on Wednesday, and is seeking to prosecute those involved.
The actions stem from a joint operation between the U.S. Department of Justice and the Federal Bureau of Investigation to bring down the Coreflood botnet, which operates internationally. The government filed 13 civil complaints, including temporary restraining orders and criminal seizure warrants, against unidentified individuals associated with the malware ring.
Five command-and-control servers and 29 U.S.-registered domain names associated with the group have already been seized since the joint task force went into action. The DoJ is now working with foreign government officials to apprehend the 13 individuals targeted.
The action was characterized as a new initiative by a spokesperson for the FBI.
"Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," said Shawn Henry, executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch. "These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure."
According to a court-filed report by the FBI, the Coreflood botnet ring is believed to have been in operation for over 10 years, infecting approximately 2.3 million computers (1.86 million in the United States). The aim of the ring is to steal money by recording user keystrokes on infected computers, gaining access to user names, passwords and other private information.
Coreflood's command-and-control servers allowed the ring to remotely access computers infected with its malware. The servers also allowed the ring to manually update the malware and stay ahead of a user's antivirus or other security programs.
As part of the restraining order, a command was sent to infected systems to halt the communication and transfer capabilities of the malware, which would allow security firms time to update software and safely remove the viruses.
"The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes," said U.S. Attorney David B. Fein for the District of Connecticut. "I want to commend our industry partners for their collaboration with law enforcement to achieve this great result."