Feds take down Coreflood botnet, infected two million computers
The Justice Department said Wednesday that, with the help of Microsoft, it and the FBI were able to take down a botnet that had infected nearly two million computers. Controlled by a program called "Coreflood," the botnet was stealing personal information, including financial data, from infected users and had been operating for close to a decade.
Five control servers and 29 domain names were seized in raids, and charges have been filed against 13 "John Doe" defendants for wire fraud, bank fraud and illegal interception of electronic communications. "John Doe" suits are filed when the plaintiff has not yet identified the defendant in the case, but in this case the defendants are believed to be foreign nationals.
Coreflood infected computers running the Windows operating system, and attempted to steal personal data such as banking passwords in an effort to steal money. The DOJ did not specify how much money may have been pilfered as a result of the operation.
Reports have indicated that losses may exceed $100 million, although there has been no official confirmation.
Courts have granted the Justice Department a restraining order against the Coreflood servers, which allows it to send computer commands from government servers in an attempt to shut the network down. The takedown of Coreflood is being called the most comprehensive action ever against an international botnet.
"These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure," FBI Criminal, Cyber, Response and Services assistant executive director Shawn Henry said in a statement.
While Coreflood may be dead, an official with the FBI did tell the Wall Street Journal that another botnet could, unfortunately, pop up in its place. Officials stressed that the best defense against becoming a victim of Coreflood or any future botnet is to ensure antivirus software is installed and up to date.