US feds shut down Coreflood botnet

FBI and DoJ take down infected PCs with help from Microsoft

Law enforcement agencies in the US have claimed a major victory against organised cyber crime by crippling a botnet comprising about two million infected PCs that is thought to be behind the theft of more than $100m (£61m).

The FBI announced yesterday that its agents had seized five command-and-control servers and 29 domain names used by the Coreflood botnet, which first surfaced in 2003.

According to Computing's sister website V3.co.uk, the seized servers have been replaced by substitute servers that instruct the malware to stop running when infected PCs check in for updates, and security firms will be supplied with the latest Coreflood signatures.

The operation to shut down Coreflood is the first time US law enforcement has seized control over a botnet and used that authority to send instructions to computers belonging to victims, according to court papers.

In addition to the seizures, a civil complaint was filed in the District of Connecticut against 13 unnamed operators of the botnet, alleging wire fraud, bank fraud and illegal interception of electronic communications.

"The seizure of the Coreflood servers and internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes," said David B Fein, US Attorney for the District of Connecticut.

"I want to commend our industry partners for their collaboration with law enforcement to achieve this great result."

Microsoft worked closely with US law enforcement to take down Coreflood.

The US Department of Justice said that the botnet had been used to harvest financial data and steal from internet users, citing three cases in which over $100,000 had been lost by individuals.

"Botnets and the cyber criminals who deploy them jeopardise the economic security of the US and the dependability of the nation's information infrastructure," said Shawn Henry, executive assistant director of the FBI's Criminal, Cyber, Response and Services branch.

"These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the US and reflect our commitment to being creative and proactive in making the internet more secure."