US officials demolish massive botnet from within
The US Government and FBI have stamped down on an international botnet with a whir of warrants, restraining orders, and server and domain seizures.
In a move described by the authorities as their “most complete and comprehensive enforcement action ever taken against a botnet”, the authorities closed down the Coreflood network of hundreds of thousands of infected computers by demolishing its central command structure.
The complex operation required the authorities to obtain court orders to support their actions, in which they replaced command and control servers that oversaw the botnet with servers of their own in a bid to stop the network from resurrecting itself.
“According to court filings, Coreflood is a particularly harmful type of malicious software that records keystrokes and private communications on a computer,” the Department of Justice (DoJ) said.
“In the enforcement actions announced today, five command and control servers that remotely controlled hundreds of thousands of infected computers were seized, as were 29 domain names used by the Coreflood botnet to communicate with the command servers.”
As part of the operation, the officials also filed a civil complaint against 13 “John Doe” defendants, alleging they had engaged in wire fraud, bank fraud and illegal interception of electronic communications.
Despite the closure of the main hubs of the criminal network, the authorities believed a clean-up operation was also required, and officials plan to monitor traffic on the Coreflood network to try to prevent further exploitation of infected machines.
“The Government obtained a temporary restraining order authorising it to respond to signals sent from infected computers in the United States in order to stop the Coreflood software from running,” the DoJ said. “This should prevent further harm to hundreds of thousands of unsuspecting users of infected computers in the US.”
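The mechanism the article describes, a substitute command-and-control server that answers beacons from infected machines with a stop instruction while recording who checked in so that owners can be notified during the clean-up, is usually called a sinkhole. The following is an added illustration of that pattern and is not code from the operation, the DoJ or any Coreflood analysis. The beacon format ("HELLO <bot_id> <version>"), the "STOP" reply and the sample beacons are constructed for this example and are not Coreflood's real protocol; the TEST-NET addresses are placeholders.

```python
"""Minimal C2 sinkhole illustrating the takedown pattern described above.

Hypothetical beacon format (constructed for this example, NOT Coreflood's
real protocol): one line  "HELLO <bot_id> <version>\n".
The sinkhole answers every beacon with "STOP\n" and records the check-in
so an operator can later notify the owner of the infected machine.
"""
import datetime
import socketserver
from dataclasses import dataclass, field

STOP_COMMAND = b"STOP\n"          # hypothetical "stop running" reply
MAX_BEACON_BYTES = 512            # cap what we read from an untrusted peer


@dataclass
class Sinkhole:
    # bot_id -> {"source_ip", "version", "count", "last_seen"}
    seen: dict = field(default_factory=dict)

    def _record(self, bot_id: str, source_ip: str, version: str) -> None:
        entry = self.seen.setdefault(
            bot_id, {"source_ip": source_ip, "version": version, "count": 0})
        entry["count"] += 1
        entry["source_ip"] = source_ip
        entry["last_seen"] = datetime.datetime.now(
            datetime.timezone.utc).isoformat()

    def handle_beacon(self, raw: bytes, source_ip: str) -> bytes:
        """Parse one beacon from an infected host and return the reply.

        Input comes from malware, so it is treated as hostile: it is only
        parsed and logged, never executed, and malformed data is still
        answered with STOP rather than dropped.
        """
        try:
            text = raw[:MAX_BEACON_BYTES].decode("ascii").strip()
        except UnicodeDecodeError:
            self._record("<undecodable>", source_ip, "")
            return STOP_COMMAND
        parts = text.split()
        if len(parts) != 3 or parts[0] != "HELLO":
            self._record("<malformed>", source_ip, text[:40])
            return STOP_COMMAND
        _, bot_id, version = parts
        self._record(bot_id, source_ip, version)
        return STOP_COMMAND

    def notification_list(self) -> dict:
        """Map each source IP to the bot ids seen from it, for victim outreach."""
        by_ip: dict = {}
        for bot_id, entry in self.seen.items():
            by_ip.setdefault(entry["source_ip"], []).append(bot_id)
        return by_ip


# Constructed sample traffic (TEST-NET addresses, made-up bot ids).
SAMPLE_BEACONS = [
    ("198.51.100.7", b"HELLO bot-0001 2.3\n"),
    ("198.51.100.7", b"HELLO bot-0001 2.3\n"),   # same host beacons again
    ("203.0.113.9",  b"HELLO bot-0042 1.9\n"),
    ("203.0.113.10", b"GET / HTTP/1.0\r\n"),     # not a beacon: scanner noise
    ("203.0.113.11", b"\xff\xfe\x00bad"),        # undecodable bytes
]


def replay_sample() -> Sinkhole:
    """Feed the constructed beacons through a fresh sinkhole and return it."""
    sink = Sinkhole()
    for ip, raw in SAMPLE_BEACONS:
        assert sink.handle_beacon(raw, ip) == STOP_COMMAND
    return sink


class BeaconHandler(socketserver.StreamRequestHandler):
    """One TCP connection per beacon; reply and close."""
    sinkhole = Sinkhole()

    def handle(self) -> None:
        raw = self.rfile.readline(MAX_BEACON_BYTES)
        self.wfile.write(self.sinkhole.handle_beacon(raw, self.client_address[0]))


def serve(host: str = "127.0.0.1", port: int = 8080) -> None:
    """Run the sinkhole listener (hypothetical port; bind only where authorised)."""
    with socketserver.ThreadingTCPServer((host, port), BeaconHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    sink = replay_sample()
    for ip, bots in sink.notification_list().items():
        print(ip, bots)
```

Two design points worth noting: the server never acts on beacon content beyond logging it, because that content is produced by the malware, and it replies STOP even to garbage, so a scanner or a bot with a slightly different protocol version still gets the benign answer rather than an error that might leak what the server is. The per-IP list is what feeds the owner-notification and clean-up work the article says was to follow the seizures.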