
US moves to take out massive botnet

14 April 2011  |  8062 views

The US government has acted to disable a botnet comprised of hundreds of thousands of computers infected with malware that steals financial information from victims.

The Department of Justice and FBI say more than two million computers have been infected with the Coreflood malware, which installs itself by exploiting a vulnerability in PCs running Windows operating systems.

The keylogging software then allows infected computers to be controlled remotely so crooks can obtain private personal and financial information which can be used to steal funds.

In a typical example cited in court filings, Coreflood was used to monitor Internet communications between a user and their bank and then take over an online session to transfer funds to a foreign account.

The DoJ says five command and control (C & C) servers that remotely controlled hundreds of thousands of infected computers have been seized, along with 29 domain names used by the botnet to communicate with these servers.

Coreflood is programmed to request directions and commands from C & C servers on a routine basis, with new versions of the malware introduced through them in an effort to stay ahead of security software and other virus updates.

However, if the C & C servers do not respond, the old malware continues to run, so authorities obtained a temporary restraining order allowing them to replace the illegal servers with substitute ones.

They then used these to respond to the requests from infected computers in the US with a command that temporarily stops the malware from running.

Meanwhile, the US Attorney's Office for the District of Connecticut has filed a civil complaint against 13 "John Doe" defendants, alleging wire fraud, bank fraud and illegal interception of electronic communications.

Shawn Henry, executive assistant director, criminal, cyber, response and services branch, FBI, says: "These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure."
