FBI Takes Down Infamous Coreflood Botnet

Dennis Faas's picture

The Federal Bureau of Investigation (FBI) has made two announcements about successful operations against online bandits. The first is a near-complete takedown of a widespread virus, while the second is a series of arrests and seizures relating to two separate cybercrime gangs responsible for scareware scams.

The virus in question had allowed criminals to set up a botnet. In short, a botnet is a large network of virus-infected PCs which is remotely controlled by one or a few individuals. The infected PCs are typically used to attack websites, send spam (unsolicited bulk email) to users around the world, or steal personal information.

Feds Take Down Coreflood Botnet

The FBI went after the Coreflood botnet through a combination of legal and direct actions.

It successfully sought a court ruling that allowed it to take control of the website addresses that the infected machines were contacting for instructions. It then issued a final command to the infected machines, which essentially made them stop responding to future instructions.

While the criminals will almost certainly have begun work on setting up new command-and-control servers, the move bought enough time for a clean-up operation to remove the virus from infected computers and thus remove them from the network.

19,000 Computers Infected, then Cleaned by Remote

As well as contacting some users directly, the FBI passed IP addresses of machines known to be infected to Internet Service Providers (ISPs), who used that information to identify and contact customers.

Officials have also remotely deleted the virus from machines with the permission of users, issuing a total of 19,000 such uninstall commands.

The total activity of the botnet has dropped by around 95 per cent since the beginning of the operation and the FBI says the remaining cases are not practical to treat without unnecessarily drastic measures. (Source: krebsonsecurity.com)

Scareware Scams Users out of $72 Million

Meanwhile, the FBI has also coordinated an international effort to crack down on scareware scammers. It's a campaign that has included the arrest of two men in Latvia and the seizure of more than 40 computers and servers.

Both gangs were involved in peddling bogus security software to users that had been tricked into believing their computers had viruses. The first gang used bogus websites to target users and took in $72 million, which is believed to have come from almost a million victims.

The second gang made around $2 million, using a twist on the same scam. Rather than set up websites, they placed advertising on a newspaper's website, then later changed the code so that visitors to the newspaper were met with the malicious software that allegedly scanned their machines and found a virus. (Source: fbi.gov)

Rate this article: 
No votes yet