iTnews

FBI hijacks Coreflood botnet

By Liam Tung on Apr 14, 2011 7:07AM

Swaps command servers with their own.

US authorities claim to have replaced the command and control servers of the Coreflood botnet with their own kit in an effort to weaken the impact of the decade-old threat.

The US Department of Justice (DOJ) and the FBI seized five command and control servers and 29 domain names used by the botnet, according to a statement issued Wednesday. 

Authorities were granted permission to swap the servers after obtaining a temporary restraining order (TRO) covering the machines hosting the software. The aim was to prevent the botnet's operators from pushing updates to the malware on victim systems, updates they had used to keep evading detection by antivirus vendors.

"The TRO authorises the government to respond to these requests from infected computers in the United States with a command that temporarily stops the malware from running on the infected computer," the DOJ said.  

Coreflood, one of the oldest botnets in continuous operation, was unique, according to Joe Stewart, director of research for Dell SecureWorks. 

Motives have morphed over time, from simple DDoS to selling anonymity services and even to bank fraud. Over the course of the decade, Coreflood has infected businesses, hospitals, government agencies and a state police agency.

The botnet was capable of infecting an entire domain in one hit and used a MySQL database to track infections, according to Stewart, who uncovered a 50GB database of stolen credentials the botnet had collected in the two years to 2008.  

The DOJ and FBI intend to contact individuals running Coreflood-infected computers and advise them to remove the malware. However, owners can also choose to "opt out".

“At no time will law enforcement authorities access any information that may be stored on an infected computer,” the statement said. 

In a similar fashion to Microsoft’s takedown of the Rustock and Waledac botnets, the US Attorney’s Office for the District of Connecticut filed a civil complaint against 13 “John Doe” defendants. The office alleged the defendants had engaged in wire fraud, bank fraud and illegal interception of electronic communications. 

The office noted that in one case, Coreflood was used to take over an online banking session and caused the fraudulent transfer of funds to a foreign account. 
