FBI tackles Coreflood botnet infecting 2.3 million PCs
The Department of Justice and FBI have scored a big victory against a major international cyber theft ring suspected of stealing more than $100 million.

The thieves used malware called Coreflood to form a network of 2.3 million remotely controlled zombie PCs, also known as a botnet. The botnet harvested banking credentials and other sensitive data, which were then used to steal large sums through wire and bank fraud. The botnet had been growing for over a decade.

More than half of those computers were located within the United States, though the culprits are thought to be from overseas, possibly Russia, according to Alan Paller, director of research at the SANS Institute. A Michigan real estate company and a North Carolina investment company each lost over $100,000, but the full extent of the losses isn't yet known because of the large quantity of data stolen.

The Coreflood botnet was taken down by U.S. government programmers yesterday. The Department of Justice and the FBI took control of five command-and-control servers used to run the botnet and also seized 29 domains. Government programmers then instructed the infected PCs to stop what they were doing and shut down.

Those worried that their own machines may be infected have little recourse but to wait it out. Government officials are working with service providers to determine which computers have been infected. The FBI and Department of Justice have stated that law enforcement has no authority to access data on infected computers once they are identified.

This Coreflood takedown comes on the heels of the slightly larger Rustock botnet, said to be responsible for close to half of global spam, which went silent in March.