FBI hijacks Coreflood botnet

By Liam Tung on Apr 14, 2011 7:07 AM
Filed under Networking
 

Swaps command servers with their own.

US authorities claim to have replaced the command and control servers of the Coreflood botnet with their own kit in an effort to weaken the impact of the decade-old threat.

The US Department of Justice (DOJ) and the FBI seized five command and control servers and 29 domain names used by the botnet, according to a statement issued Wednesday. 

Authorities were granted permission to swap the servers after gaining a temporary restraining order (TRO) on the machines hosting the software. It was hoped authorities could thus prevent the botnet's operators from updating software on victim systems and continue to avoid detection by antivirus vendors.

"The TRO authorises the government to respond to these requests from infected computers in the United States with a command that temporarily stops the malware from running on the infected computer," the DOJ said.  

Coreflood, one of the oldest botnets in continuous operation, was unique, according to Joe Stewart, director of research for Dell SecureWorks. 

Motives have morphed over time - from simple DDoS to selling anonymity services and even to bank fraud. Over the course of the decade, Coreflood has infected businesses, hospitals, government and a state police agency.

The botnet was capable of infecting an entire domain in one hit and used a MySQL database to track infections, according to Stewart, who uncovered a 50GB database of stolen credentials the botnet had collected in the two years to 2008.  

The DOJ and FBI intend on contacting individuals running Coreflood-infected computers and advising them to remove the malware. However, owners can also choose to “opt-out”.

At no time will law enforcement authorities access any information that may be stored on an infected computer,” the statement said. 

In a similar fashion to Microsoft’s takedown of the Rustock and Waledac botnets, the US Attorney’s Office for the District of Connecticut filed a civil complaint against 13 “John Doe” defendants. The office alleged the defendants had engaged in wire fraud, bank fraud and illegal interception of electronic communications. 

The office noted that in one case, Coreflood was used to take over an online banking session and caused the fraudulent transfer of funds to a foreign account. 

Copyright © iTnews.com.au . All rights reserved.


FBI hijacks Coreflood botnet
Tags
botnet, fbi, server, command, control, coreflood, secureworks, joe, stewart
Related Articles
Breaking Stories
 
 
 
 
Top Stories
Photos: HTC One vs Samsung Galaxy S4
Photos: HTC One vs Samsung Galaxy S4
Android giants battle it out.
 
Project management lessons from the QLD Health payroll inquiry
Project management lessons from the QLD Health payroll inquiry
Analysis: How not to run a major IT project.
 
Review: Asus Fonepad
Review: Asus Fonepad
Calling on the Big Phone.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

Bankwest builds continuous delivery capability
Bankwest builds continuous delivery capability
To automatically deploy test/dev sandboxes by mid-year.
Veterans' Affairs sets sights on modernisation
Veterans' Affairs sets sights on modernisation
Data safe with Human Services, CIO says.
Citi Australia drops platform customisations
Citi Australia drops platform customisations
Technology chief shifts focus from building to leveraging systems.
VicRoads restructures IT team
VicRoads restructures IT team
Department moves to align with industry benchmarks.
Zurich Australia extends IT team offshore
Zurich Australia extends IT team offshore
Malaysian staff served from Australian data centres.
Leigh Berrell - Utilities CIO of the Year
Leigh Berrell - Utilities CIO of the Year
Yarra Valley Water CIO Leigh Berrell accepts his Benchmark Award for Utilities CIO of the Year.
Wayne McMahon - Retail CIO of the Year
Wayne McMahon - Retail CIO of the Year
Domino's Pizza CIO Wayne McMahon accepts his Benchmark Award for Retail CIO of the Year.
Inside Perpetual's ongoing IT transformation
Inside Perpetual's ongoing IT transformation
CIO Jenny Levy discusses how outsourcing will help the firm "simplify, refocus and grow".
Managing Complexity - Defence's Daniel McCabe
Managing Complexity - Defence's Daniel McCabe
Daniel McCabe, Assistant Secretary of Australia's Department of Defence, provides the audience at the iTnews Data Centre Strategy Summit with a deep dive into the organisation's data centre consolidation program.
How Facebook designed the data centre from scratch - Marco Magarelli
How Facebook designed the data centre from scratch - Marco Magarelli
The full keynote by Facebook data centre architect Marco Magarelli at the Australian Data Centre Strategy Summit. Magarelli details the design considerations behind the social network's Prineville, Oregon; North Carolina and Luleå, Sweden data centres.
Modernising Legacy Data Centres - Telstra's Jon Curry
Modernising Legacy Data Centres - Telstra's Jon Curry
Telstra general manager of managed data centres Jon Curry guides the audience at the iTnews Australian Data Centre Summit through the build of the telco's Clayton, Victoria data centre.
NSW Government launches NABERS data centre rating tools
NSW Government launches NABERS data centre rating tools
Matthew Clark from the NSW Department of Environment guides facilties managers through the details of the new NABERS data centre energy rating tool at the Australian Data Centre Strategy Summit.
NABERS launch panel: Australian Data Centre Strategy Summit
NABERS launch panel: Australian Data Centre Strategy Summit
Matthew Clark (NSW Dept of Environment), Greg Boorer (Canberra Data Centres), Glenn Allan (National Australia Bank), Mike Andrea (Strategic Directions) and Bob Sharon (Green Global Consulting) discuss the impact of the NABERS data centre rating.
Judges notes: Fortescue Metals [The Benchmark Awards]
Judges notes: Fortescue Metals [The Benchmark Awards]
iTnews' panel of judges discuss Fortescue Metals 'New World of Work" project, one of three shortlisted finalists for the Industrials category of the CIO Benchmark Awards.
Judges notes: Retail [The Benchmark Awards]
Judges notes: Retail [The Benchmark Awards]
iTnews' panel of judges discuss the shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: Pacific Aluminium [The Benchmark Awards]
Judges notes: Pacific Aluminium [The Benchmark Awards]
iTnews' panel of judges discuss Pacific Aluminium's lightning fast service desk refresh, one of three shortlisted finalists for the Industrials category of the CIO Benchmark Awards.
Judges notes: Domino's Pizza [The Benchmark Awards]
Judges notes: Domino's Pizza [The Benchmark Awards]
iTnews' panel of judges discuss Domino's Pizza's shift to hosted services, one of three shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: McDonald's Australia [The Benchmark Awards]
Judges notes: McDonald's Australia [The Benchmark Awards]
iTnews' panel of judges discuss McDonald's Australia's new self-service portal for employees, one of three shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: ING Direct [The Benchmark Awards]
Judges notes: ING Direct [The Benchmark Awards]
iTnews' panel of judges discuss ING Direct's 'Bank in a Box', one of three shortlisted finalists for the banking and finance category of the CIO Benchmark Awards.
Judges notes: Yarra Valley Water [The Benchmark Awards]
Judges notes: Yarra Valley Water [The Benchmark Awards]
iTnews' panel of judges discuss Yarra Valley Water's insourcing project, one of three shortlisted finalists for the Utilities category of the CIO Benchmark Awards.
Latest Comments
Powered by Disqus
Polls
Do you prefer the Coalition's NBN policy?
   |   View results
Yes
  19%
 
No
  81%
TOTAL VOTES: 1669

Vote
view previous polls »