The U.S. Department of Justice and FBI have disabled Coreflood, a decade-old botnet that's infected more than 2 million private computers, by seizing and replacing five command and control servers and 29 domain names used by the botnet, the Department of Justice said in a press release Wednesday.
Coreflood has compromised numerous victims' bank accounts by stealing their user names, passwords and other personal financial information, the government said. The malware is designed to record keystrokes and control a victim's computer remotely via one of its command and control servers.
The U.S. Attorney's Office for the District of Connecticut filed a civil complaint against 13 "John Doe" defendants alleging that they had committed "wire fraud, bank fraud and illegal interception of electronic communications" and obtained a temporary restraining order to take hold of Coreflood, the statement read.
The temporary restraining order allows U.S. authorities to send each infected computer a command that will shut off the malware's operations, the government said.
This week's unusual move follows a major bust of account-raiding cyber thieves last fall in New York.
"The actions announced today are part of a comprehensive effort by the department to disable an international botnet, while at the same time giving consumers the ability to take necessary steps to protect themselves from this harmful malware," Assistant Attorney General Lanny A. Breuer of the Criminal Division said.
According to reports by Wired, the non-profit organization Internet Systems Consortium would replace the botnet's servers, collect the IP addresses of computers infected by the malware and execute the "stop" commands to the infected computers under government supervision.
The government promised that the Coreflood intervention would not compromise infected computer users' private information, stating, "At no time will law enforcement authorities access any information that may be stored on an affected computer."
Officials said they also would give users the option to opt out of the temporary restraining order should they wish to continue running Coreflood.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Natasha Chilingerian
Natasha Chilingerian has been immersed in the credit union industry for over a decade. She first joined CU Times in 2011 as a freelance writer, and following a two-year hiatus from 2013-2015, during which time she served as a communications specialist for Xceed Financial Credit Union (now Kinecta Federal Credit Union), she re-joined the CU Times team full-time as managing editor. She was promoted to executive editor in 2019. In the earlier days of her career, Chilingerian focused on news and lifestyle journalism, serving as a writer and editor for numerous regional publications in Oregon, Louisiana, South Carolina and the San Francisco Bay Area. In addition, she holds experience in marketing copywriting for companies in the finance and technology space. At CU Times, she covers People and Community news, cybersecurity, fintech partnerships, marketing, workplace culture, leadership, DEI, branch strategies, digital banking and more. She currently works remotely and splits her time between Southern California and Portland, Ore.
