Feds claim victory over Coreflood botnet
FBI shuts down anti-botnet project, says it reduced Coreflood by 95%
Computerworld - Federal authorities have declared victory over the Coreflood botnet and shut down the replacement server that the FBI used to issue commands to infected PCs.
The move was the final step in the two-month "Operation Adeona," an attempt to cripple the botnet that originally controlled an estimated 2.3 million compromised computers.
In mid-April, the U.S. Department of Justice (DOJ) and FBI obtained an unprecedented restraining order that allowed them to seize command-and-control (C&C) servers that managed the Coreflood botnet and replace them with a government-controlled system.
The court order also allowed the DOJ and FBI to issue commands using the replacement server that disabled Coreflood on infected PCs. Later, the FBI used the same server to uninstall the malware from 19,000 machines whose owners had given the agency their consent.
On Tuesday, the government closed the civil lawsuit when a federal judge permanently barred 10 "John Does" from operating Coreflood. Authorities did not reveal the names of the defendants.
The substitute server that had been issuing commands to the botnet has also been pulled from the case, said the FBI.
"The continued operation of the substitute server is no longer necessary, under the circumstances, to prevent the Defendants from using the Coreflood botnet in furtherance of their scheme to commit wire fraud and bank fraud and to engage in unauthorized interception of electronic communications," said FBI Special Agent Kenneth Keller in an affidavit filed June 14 with the court.
Keller said the operation had crippled the botnet.
"The size of the Coreflood botnet has been reduced by more than 95% through a combination of victim notification, coordination with Internet service providers and antivirus vendors, and the operation of the substitute server," Keller said.
The FBI had been measuring Coreflood's activity and size through "beacons," the command requests that hijacked PCs sent to the government-run C&C server. On April 13, the day after the DOJ and FBI seized the Coreflood servers, the government replacement received 800,000 beacons. By June 8, the number of beacons was barely discernible on an FBI-provided chart.
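The beacon-based measurement described above can be reproduced in miniature over sinkhole logs. The script below is an added illustration, not the FBI's tooling or code from this article; it assumes a hypothetical one-line-per-beacon log format (ISO date, source IP, bot identifier, request path), and every log line in it is constructed. It counts raw beacons, unique bot identifiers and unique source IPs per day, because a raw beacon count (such as the 800,000 cited above) overstates size when bots check in repeatedly, while a unique-IP count understates it when several infected hosts share a NAT address.

```python
"""Summarise sinkhole beacon logs per day and compute the drop in bot count.

Added example only. The log format is hypothetical and the lines are constructed.
"""
from collections import defaultdict
import re

# Constructed sinkhole log lines, hypothetical format:
# "<YYYY-MM-DD> <source IP> <bot id> <request path>"
SAMPLE_LOG = """\
2011-04-13 198.51.100.7 b1 /beacon
2011-04-13 198.51.100.7 b1 /beacon
2011-04-13 203.0.113.9 b2 /beacon
2011-04-13 203.0.113.9 b4 /beacon
2011-04-13 203.0.113.44 b3 /beacon
this line is junk and must be skipped
2011-04-14 198.51.100.7 b1 /beacon
2011-04-14 203.0.113.9 b2 /beacon
2011-06-08 203.0.113.44 b3 /beacon
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\S+) (\S+) (\S+)$")


def parse_beacons(text):
    """Yield (day, src_ip, bot_id) for each well-formed beacon line.

    Malformed lines and requests for paths other than /beacon are ignored,
    so stray scanner traffic hitting the sinkhole does not inflate the count.
    """
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(4) != "/beacon":
            continue
        yield m.group(1), m.group(2), m.group(3)


def daily_counts(text):
    """Return {day: (beacons, unique_bots, unique_ips)} sorted by day.

    ISO dates sort correctly as strings, so no date parsing is needed here.
    """
    beacons = defaultdict(int)
    bots = defaultdict(set)
    ips = defaultdict(set)
    for day, ip, bot in parse_beacons(text):
        beacons[day] += 1
        bots[day].add(bot)
        ips[day].add(ip)
    return {d: (beacons[d], len(bots[d]), len(ips[d])) for d in sorted(beacons)}


def reduction_percent(counts, start_day, end_day):
    """Percentage drop in unique bots between two days (0.0 if start has none).

    Unique bot identifiers, not raw beacons, are the measure of botnet size.
    """
    start = counts.get(start_day, (0, 0, 0))[1]
    end = counts.get(end_day, (0, 0, 0))[1]
    if start == 0:
        return 0.0
    return 100.0 * (start - end) / start


if __name__ == "__main__":
    summary = daily_counts(SAMPLE_LOG)
    for day, (n_beacons, n_bots, n_ips) in summary.items():
        print(f"{day}: beacons={n_beacons} bots={n_bots} ips={n_ips}")
    print(f"reduction: {reduction_percent(summary, '2011-04-13', '2011-06-08'):.1f}%")
```

On the constructed sample, April 13 shows five beacons from four bots on three addresses (two bots share 203.0.113.9, and b1 beacons twice), which is why the three figures are tracked separately; the bot count falls from four to one by June 8, a 75% reduction in this toy data.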
Keller credited antivirus companies with helping subdue the botnet: once the C&C seizure left Coreflood unable to update itself to evade them, vendors were able to distribute detection and deletion signatures that remained effective.