The legal actions are part of the “most complete and comprehensive enforcement action ever taken by U.S. authorities to disable an international botnet,” according to a statement from the Department of Justice. A botnet is a group of computers that have been compromised and are being remotely controlled by attackers, typically to send spam or attack other computers.
In this case the malware, called “Coreflood,” records keystrokes and private communications, enabling it to steal usernames, passwords, and other private personal and financial information. Once a computer is infected with Coreflood, the malware communicates with a command-and-control server, allowing attackers to remotely control the compromised computer. The botnet is believed to have infected more than 2 million Windows-based computers worldwide over nearly 10 years.
Prosecutors allege that data stolen by the malware has been used to steal funds from victims’ accounts. In at least one case, the malware enabled attackers to take over a victim’s online banking session while it was in progress and transfer money to a foreign account, according to court filings.
The U.S. Attorney’s office in the district of Connecticut has filed a civil complaint against 13 “John Doe,” or unknown, defendants accusing them of wire fraud, bank fraud, and illegal interception of electronic communications. To shut down the botnet and stop it from spreading further, the Justice Department seized five command-and-control servers and 29 domain names used by the bots to communicate with the servers.
To put a halt to the botnet’s damage to already infected computers, officials have obtained a temporary restraining order authorizing them to substitute the seized servers with their own and use them to respond to signals sent from hundreds of thousands of compromised computers in the U.S. This will allow authorities to send commands to the infected computers that stop the malware from running, preventing attackers from updating the malware and giving victimized computers time to update their virus signatures and malicious-software removal tools.
Officials are also warning owners of the compromised computers about the potential for fraud because of the malware on the machines. Computer owners will be told how to “opt out” if they do not want officials to stop the malware from running on their machines. “At no time will law enforcement authorities access any information that may be stored on an infected computer,” the statement said.
While the actions have disabled Coreflood in its current form, other variants of the malware could still be lurking on the Internet, officials said.
The Justice Department is working with the FBI, the U.S. Marshals Service, and the U.S. Attorney’s office in Connecticut with help from Microsoft and the Internet Systems Consortium.