US moves to take out massive botnet
14 April 2011
The US government has acted to disable a botnet made up of hundreds of thousands of computers infected with malware that steals financial information from victims.
The Department of Justice and FBI say more than two million computers have been infected with the Coreflood malware, which installs itself by exploiting a vulnerability in PCs running Windows operating systems.
The keylogging software then allows infected computers to be controlled remotely so crooks can obtain private personal and financial information which can be used to steal funds.
In a typical example cited in court filings, Coreflood was used to monitor Internet communications between a user and their bank and then take over an online session to transfer funds to a foreign account.
The DoJ says five command and control (C&C) servers that remotely controlled hundreds of thousands of infected computers have been seized, along with 29 domain names used by the botnet to communicate with these servers.
Coreflood is programmed to request directions and commands from the C&C servers on a routine basis, and new versions of the malware are introduced through them in an effort to stay ahead of security software and other virus updates.
However, if the C&C servers do not respond, the old malware continues to run, so authorities obtained a temporary restraining order allowing them to replace the illegal servers with substitute ones.
They then used these to respond to the requests from infected computers in the US with a command that temporarily stops the malware from running.
Meanwhile, the US Attorney's Office for the District of Connecticut has filed a civil complaint against 13 "John Doe" defendants, alleging wire fraud, bank fraud and illegal interception of electronic communications.
Shawn Henry, executive assistant director, criminal, cyber, response and services branch, FBI, says: "These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure."