FBI Takes Down Coreflood Botnet

The Federal Bureau of Investigation has succeeded in disrupting an international cyber crime syndicate; a botnet operation that had affected two million computers.

The FBI announced they seized the servers which had been hosting the botnet, named Coreflood. Coreflood infected people's computers by installing a keylogging program. Keyloggers allow cyber thieves to steal personal and financial information by monitoring and recording users' keystrokes. The infection happens when a user opens a malicious email attachment and the malware is subsequently controlled by the attacker via a remote server.

On top of seizing the computers, the FBI filed a civil complaint in Connecticut against 13 John Doe defendants. The complaint alleges the defendants engaged in wire fraud, bank fraud, and illegal interception of electronic communications.

Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure, Shawn Henry, executive assistant director of the FBI's Criminal, Cyber, Response, and Services Branch, said in a statement.

These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States, Henry noted, and reflect our commitment to being creative and proactive in making the Internet more secure.

Coreflood only infects Microsoft Windows-based computers. The FBI said even though the botnet has been disabled, many computers will still be infected. As a result the FBI is working with private companies to clean up the mess left by Coreflood.

This is the second major takedown of a botnet in recent weeks. Microsoft said a few weeks ago it had helped take down the Rustock botnet along with law enforcement agents. The Rustock botnet had implemented spam into the computers it was affecting.

Coreflood-infected computers that have not been cleaned up will continue attempts to contact the botnet's servers. They will be met with a temporary stop command to the virus and an alert on the user's Internet service provider (ISP), who will inform the customer that his or her computer is still infected.

Law enforcement will continue to use innovative and responsible actions in our fight against cyber criminals and at the same time, we urge consumers to ensure they are continually taking prudent measures to guard against harm, including routinely updating anti-virus security protection, said Assistant Attorney General Lanny A. Breuer of the Criminal Division of the Department of Justice, in a statement.