Feds claim victory over Coreflood botnet
FBI shuts down anti-botnet project, says it reduced Coreflood by 95%
Computerworld - Federal authorities have declared victory over the Coreflood botnet and shut down the replacement server that the FBI used to issue commands to infected PCs.
The move was the final step in the two-month "Operation Adeona," an attempt to cripple the botnet that originally controlled an estimated 2.3 million compromised computers.
In mid-April, the U.S. Department of Justice (DOJ) and FBI obtained an unprecedented restraining order that allowed them to seize command-and-control (C&C) servers that managed the Coreflood botnet and replace them with a government-controlled system.
The court order also allowed the DOJ and FBI to issue commands using the replacement server that disabled Coreflood on infected PCs. Later, the FBI used the same server to uninstall the malware from 19,000 machines whose owners had given the agency their consent.
On Tuesday, the government closed the civil lawsuit when a federal judge permanently barred 10 "John Does" from operating Coreflood. Authorities did not reveal the names of the defendants.
The substitute server that had been issuing commands to the botnet has also been pulled from the case, said the FBI.
"The continued operation of the substitute server is no longer necessary, under the circumstances, to prevent the Defendants from using the Coreflood botnet in furtherance of their scheme to commit wire fraud and bank fraud and to engage in unauthorized interception of electronic communications," said FBI Special Agent Kenneth Keller in an affidavit filed June 14 with the court.
Keller said the operation had crippled the botnet.
"The size of the Coreflood botnet has been reduced by more than 95% through a combination of victim notification, coordination with Internet service providers and antivirus vendors, and the operation of the substitute server," Keller said.
The FBI had been measuring Coreflood's activity and size through "beacons," the periodic command requests that hijacked PCs sent to the government-run C&C server. On April 13, the day after the DOJ and FBI seized the Coreflood servers, the government replacement received 800,000 beacons. By June 8, the number of beacons was barely discernible on an FBI-provided chart.
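The beacon counting described above is how a sinkhole operator gauges a botnet's size and decline: every infected host calls home to the substitute server, so the server's request log is the census. The following script is an added example written for this article, not FBI code, and the log format, the /beacon?id= request parameter and all log lines are constructed for illustration (the page does not describe Coreflood's actual beacon format). It distinguishes raw beacon volume, which the FBI chart plotted, from distinct bots, which is what "size of the botnet" means, since one bot beaconing repeatedly should be counted once.

```python
import re
from collections import defaultdict


def _constructed_log():
    """Build constructed sinkhole log lines: timestamp, source IP, request.

    The format and the bot identifiers are assumptions for this example.
    """
    lines = []
    # Day 1 (server seized): 20 distinct bots, each beaconing twice, plus one
    # unrelated request that must not be counted as a bot.
    for i in range(20):
        for second in (0, 30):
            lines.append(
                f"2011-04-13T00:{i:02d}:{second:02d}Z 203.0.113.{i} "
                f"GET /beacon?id=bot{i:02d}"
            )
    lines.append("2011-04-13T00:59:00Z 192.0.2.9 GET /index.html")
    # Day 2 (eight weeks later): only one bot still calling home.
    lines.append("2011-06-08T10:00:00Z 203.0.113.3 GET /beacon?id=bot03")
    return "\n".join(lines) + "\n"


SAMPLE_LOG = _constructed_log()

# Matches one beacon request and captures the day, source IP and bot ID.
BEACON_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ (?P<ip>\S+) GET /beacon\?id=(?P<bot>\w+)$"
)


def parse_beacons(log_text):
    """Yield (day, ip, bot_id) for each beacon line; other requests are skipped."""
    for line in log_text.splitlines():
        m = BEACON_RE.match(line)
        if m:
            yield m.group("day"), m.group("ip"), m.group("bot")


def beacons_per_day(log_text):
    """Raw beacon request count per day (what a volume chart would plot)."""
    counts = defaultdict(int)
    for day, _ip, _bot in parse_beacons(log_text):
        counts[day] += 1
    return dict(counts)


def bots_per_day(log_text):
    """Distinct bot IDs per day: a bot that beacons repeatedly counts once."""
    seen = defaultdict(set)
    for day, _ip, bot in parse_beacons(log_text):
        seen[day].add(bot)
    return {day: len(ids) for day, ids in seen.items()}


def reduction_percent(log_text, first_day, last_day):
    """Percent drop in distinct bots between two observation days."""
    bots = bots_per_day(log_text)
    before, after = bots.get(first_day, 0), bots.get(last_day, 0)
    if before == 0:
        raise ValueError("no beacons observed on the first day")
    return 100.0 * (before - after) / before


if __name__ == "__main__":
    print("beacons per day:", beacons_per_day(SAMPLE_LOG))
    print("distinct bots per day:", bots_per_day(SAMPLE_LOG))
    print(f"reduction: {reduction_percent(SAMPLE_LOG, '2011-04-13', '2011-06-08'):.1f}%")
```

Keying on a bot identifier rather than the source IP matters in practice: hosts behind a NAT share one address, and a single bot on a DHCP connection shows up under several addresses over a day, so IP-based counts can both under- and over-count. Where the malware sends no stable identifier, the IP plus a time window is the usual fallback, and the figure should then be reported as an estimate.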
Keller credited antivirus companies, which were able to distribute detection and deletion signatures when Coreflood was unable to update itself, for helping subdue the botnet.