The U.S. Department of Justice and FBI have disabled Coreflood, a decade-old botnet that has infected more than 2 million private computers, by seizing and replacing five command and control servers and 29 domain names used by the botnet, the Department of Justice said in an April 13 press release.
Coreflood has compromised numerous victims' bank accounts by stealing their user names, passwords and other personal financial information, the government said. The malware is designed to record keystrokes and to let its operators control a victim's computer remotely via one of its command and control servers.
Targeted accounts include payment cards serviced by credit unions, Dell SecureWorks Director of Threat Intelligence Don Jackson said. He added that Coreflood operators also reached some CUs by infecting the machines of companies and organizations the credit unions were chartered to serve.
The U.S. Attorney's Office for the District of Connecticut filed a civil complaint dated April 11 against 13 “John Doe” defendants, alleging that they had committed “wire fraud, bank fraud and illegal interception of electronic communications,” and obtained a temporary restraining order to seize Coreflood, the statement read.
The temporary restraining order, which the FBI New Haven Field Office posted on its website, allows U.S. authorities to send each infected computer a command that shuts off the malware. It also gave officials permission to set up a replacement server at Internet hosting provider Internet Systems Consortium, the server the seized domain names now point to, from which they could issue the stop commands.
The first-of-its-kind government move follows a major bust of account-raiding cyber thieves last fall in New York, who were arrested for using Zeus Trojan malware to steal at least $3 million from bank accounts.
“The actions announced today are part of a comprehensive effort by the department to disable an international botnet, while at the same time giving consumers the ability to take necessary steps to protect themselves from this harmful malware,” Assistant Attorney General Lanny A. Breuer of the Criminal Division said in the statement.
The government promised that the Coreflood intervention would not compromise infected computer users' private information, stating, “At no time will law enforcement authorities access any information that may be stored on an affected computer.”
Officials also said users would have the option to opt out of the temporary restraining order should they wish, for some reason, to continue running Coreflood on their computers.
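To make the mechanism described above concrete (the seized C&C domain names re-pointed at a government-run replacement server that answers each bot check-in with a stop command, a server that records nothing beyond the fact of the check-in, and an opt-out for owners who decline the remediation), here is an added Python simulation. It is not code from the original article, from the Department of Justice, or recovered from Coreflood itself; the domain, IP addresses, command names and beacon format are invented assumptions for the illustration, and nothing here reflects Coreflood's real protocol.

```python
"""Toy model of a sinkhole-based botnet takedown.

Assumed/constructed for this example: the domain "c2.example", the
addresses 198.51.100.7 (criminal C&C) and 203.0.113.1 (replacement
server), and the three-word command vocabulary below.
"""
from dataclasses import dataclass, field

STOP, STEAL, NOOP = "stop", "steal", "noop"


class AttackerC2:
    """The original criminal C&C: every beacon is answered with tasking."""

    def handle(self, beacon):
        return STEAL


@dataclass
class Sinkhole:
    """Replacement server that the seized domains are re-pointed at.

    It logs only the beacon's source address (it never asks the victim
    for anything stored on the host) and answers STOP, unless the owner
    has opted out of the remediation order, in which case it answers a
    harmless no-op so the bot simply idles.
    """
    opted_out: set = field(default_factory=set)
    seen: list = field(default_factory=list)

    def handle(self, beacon):
        self.seen.append(beacon["src"])
        return NOOP if beacon["src"] in self.opted_out else STOP


@dataclass
class Bot:
    host_ip: str
    c2_domain: str          # hard-coded in the malware, so it cannot be changed after seizure
    stopped: bool = False
    received: list = field(default_factory=list)

    def beacon(self, dns, servers):
        """One check-in: resolve the C&C name, talk to whoever it now
        resolves to, and act on the reply."""
        ip = dns[self.c2_domain]
        reply = servers[ip].handle({"src": self.host_ip})
        self.received.append(reply)
        if reply == STOP:
            self.stopped = True
        return reply


def seize(dns, servers, domains, sinkhole_ip, sinkhole):
    """Re-point every seized domain at the replacement server."""
    servers[sinkhole_ip] = sinkhole
    for d in domains:
        dns[d] = sinkhole_ip


def simulate(opt_out=frozenset()):
    """Run two bots through the pre- and post-takedown phases."""
    dns = {"c2.example": "198.51.100.7"}            # constructed
    servers = {"198.51.100.7": AttackerC2()}
    bot = Bot("10.0.0.5", "c2.example")
    bot2 = Bot("10.0.0.9", "c2.example")
    # Phase 1: the botnet is operational; beacons come back with tasking.
    for _ in range(2):
        bot.beacon(dns, servers)
    # Phase 2: domains seized and re-pointed at the replacement server.
    sink = Sinkhole(opted_out=set(opt_out))
    seize(dns, servers, ["c2.example"], "203.0.113.1", sink)
    bot.beacon(dns, servers)
    bot2.beacon(dns, servers)
    return bot, bot2, sink


if __name__ == "__main__":
    b1, b2, s = simulate(opt_out={"10.0.0.9"})
    print("bot1:", b1.received, "stopped" if b1.stopped else "running")
    print("bot2:", b2.received, "stopped" if b2.stopped else "running")
    print("sinkhole saw only source addresses:", s.seen)
```

The point of the model is what the bot does not control: because the C&C name is baked into the malware, whoever controls the DNS records for that name controls every infected host's next instruction, which is why seizing the domain names rather than just the servers is what makes the stop command reach the whole population.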
Jackson said many experts agree the government takedown was successful and well thought out, and that it set an example for a promising new response model.
“All options regarding the interaction with infected computers were carefully analyzed for possible unintended consequences, and sound decisions were made to protect the owners and users at all cost,” Jackson said. “Evidence suggests that the same inscrutable attention to detail was given to legal and political issues as well, not just the technical ones.”
He explained that Coreflood operators affected credit unions by stealing data from companies and organizations with a large number of employees belonging to the same credit union.
“Let's say a credit union is chartered to serve telephone company employees and the office network inside the telephone company headquarters, staffed by 5,000 credit union members, is infected by Coreflood,” Jackson gave as an example. “That credit union is likely to be disproportionately affected by related fraud.”
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.