Feds Take 'Coreflood Botnet': 'Zombie' Army May Have Infected 2 Million Computers, Stolen Hundreds of Millions of Dollars


According to Justice Department officials, the server that will seek to counter Coreflood will be run by the Internet Systems Consortium, a non-profit group that works on Internet infrastructure and security issues.

"These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure," Shawn Henry, the FBI's executive assistant director of the bureau's Criminal, Cyber, Response and Services Branch, said in a prepared statement.

How to Clean Your Computer

FBI officials say that the Coreflood program will still be present on victims' computers, but that victims can remove the malicious software themselves by following standard security guidance.

In a press release today DOJ noted, "The public may go to the following sites operated by U.S. Computer Emergency Readiness Team (CERT) and the Federal Trade Commission, respectively: us-cert.gov/nav/nt01 and onguardonline.gov/topics/malware.aspx."

Microsoft has also updated its malicious software removal tooling to detect and remove botnet malware, including Coreflood.

"In coordination with the FBI, the Microsoft Malware Protection Center has added Win32/Afcore (Coreflood) malware detection in our Malicious Software Removal Tool to help minimize the malware's future impact," said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit. "Please see the MMPC blog for more technical information about the Win32/Afcore malware."

Coreflood Botnet Believed Based in Russia

Although FBI officials declined to say where the Coreflood botnet originated, previous media reports and cyber-security experts have traced it to cyber criminal gangs in Russia.

Researchers at Dell SecureWorks claim they were the first to trace Coreflood to a computer crime ring from Russia.

Testifying before the Senate Judiciary Committee on Tuesday, Gordon Snow, the assistant director of the FBI's Cyber Division, spelled out how Russia and Eastern Europe have become a hotbed of computer crime.

"On the criminal side, a majority of the attacks [are] coming from the individuals that are located in Russia, obviously different from the Russian state, and Eastern European countries," Snow said. "We see a very strong network of a cyber underground very closely associated, with almost an eBay or an Amazon-type system. ... Once you receive a service from one of these cyber criminals ... [they] are able to just combine together in chat rooms in this cyber underground ... [and] allowed to buy different pieces that they need to carry out the attack."

In 2009, the FBI established a working group called the Botnet Threat Focus Cell that works with other law enforcement and private computer security experts. The cell was designed to deal with new avenues of cybercrime in which hackers have used botnets to take over hundreds to millions of computers.

The Botnet Threat Focus Cell worked on the Coreflood case and recently worked on the "King of Spam" case, in which a Russian man sent more than 1 billion spam messages, and the "Mariposa" botnet, which infected more than 12.7 million computers, including half of the companies on the Fortune 1,000 list.
