22 August 2017

US moves to take out massive botnet

14 April 2011  |  7819 views  |  0 comments

The US government has acted to disable a botnet comprised of hundreds of thousands of computers infected with malware that steals financial information from victims.

The Department of Justice and FBI say more than two million computers have been infected with the Coreflood malware, which installs itself by exploiting a vulnerability in PCs running Windows operating systems.

The keylogging software then allows infected computers to be controlled remotely, so crooks can obtain private personal and financial information that can be used to steal funds.

In a typical example cited in court filings, Coreflood was used to monitor Internet communications between a user and their bank and then take over an online session to transfer funds to a foreign account.

The DoJ says five command and control (C & C) servers that remotely controlled hundreds of thousands of infected computers have been seized, along with 29 domain names used by the botnet to communicate with these servers.

Coreflood is programmed to request directions and commands from C & C servers on a routine basis, with new versions of the malware introduced through them in an effort to stay ahead of security software and other virus updates.

However, if the C & C servers do not respond, the old malware continues to run, so authorities obtained a temporary restraining order allowing them to replace the illegal servers with substitute ones.

They then used these to respond to the requests from infected computers in the US with a command that temporarily stops the malware from running.

Meanwhile, the US Attorney's Office for the District of Connecticut has filed a civil complaint against 13 "John Doe" defendants, alleging wire fraud, bank fraud and illegal interception of electronic communications.

Shawn Henry, executive assistant director, criminal, cyber, response and services branch, FBI, says: "These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure."
