Feds take ‘Coreflood Botnet’: ‘Zombie’ army may have infected 2 Million computers, stolen hundreds of millions of dollars.

Posted on April 15, 2011 9:26:10 AM from JoeUser Forums

ShadowWar

Join Date 06/2004

The FBI and the U.S. Justice Department (DOJ) said April 13 they have disabled a "botnet" of more than 2 million computers infected with malicious code that Eastern European cyber criminals may have used to drain millions of dollars from bank accounts around the world. U.S. authorities continue to combat the network of remotely controlled computers called the "Coreflood" botnet, which has secretly recorded computer users’ keystrokes to compromise vast amounts of banking and financial data. Coreflood is believed to have been operating since 2002 and has resulted in an unknown number of U.S. bank accounts being broken into with losses that could be in the hundreds of millions of dollars, according to FBI officials. DOJ and the FBI filed a civil complaint against 13 "John Doe" defendants, charging them with wire fraud, bank fraud, and illegal interception of electronic communications. The FBI and DOJ also have executed search warrants to seize Internet domain names believed tied to the control servers for the Coreflood program. Investigators received a temporary restraining order allowing them to seize control of the infected servers to try to further dismantle and disable the botnet.

April 15, 2011 9:37:48 AM from WinCustomize Forums

This time they're doing it the right way:

The Federal Judge allowed them to supplant the Command and Control servers with their own, so when the nasty "dial home" software does, the FBI servers shut the malware down and notify the relevant ISP which sends an email of how to clean out the malware.

This is important because Coreflood distributed financial id stealing software.

If you get an email from your ISP concerning this, do as it describes, and also get in touch with some folks to help repair the damage done to your identity. 

The prior Rustock, etc. was incomplete as the software was left on the home PCs and ISPs weren't notified to follow up with their clients.

April 15, 2011 10:07:54 AM from JoeUser Forums

Quoting DrJBHL,
The Federal Judge allowed them to supplant the Command and Control servers with their own, so when the nasty "dial home" software does, the FBI servers shut the malware down and notify the relevant ISP which sends an email of how to clean out the malware.

Government is slow to learn but it is heartening to see they can learn.

April 15, 2011 12:00:13 PM from WinCustomize Forums

Quoting DrJBHL,
If you get an email from your ISP concerning this, do as it describes,

Problem is that I'd figure it was a fake and delete it without reading it.

April 19, 2011 7:46:18 AM from JoeUser Forums

Quoting DaveRI,

Quoting DrJBHL, reply 1 If you get an email from your ISP concerning this, do as it describes,

Problem is that I'd figure it was a fake and delete it without reading it.

That's exactly what I was thinking also! One will have to know about this exploit to know to maybe expect an e-mail. It will be hard to convince those that are security minded to even read the e-mail. But since most people are not that careful, it will probably work for the majority.

April 19, 2011 1:51:27 PM from JoeUser Forums

Quoting ShadowWar,
But since most people are not that careful, it will probably work for the majority.

yea, I still hear about people who "send money". In fact, I just got a new letter from someone saying they had sent money, been screwed and got help from some flunky in Nigeria! I wonder if anyone is going to fall for the latest ploy?

April 19, 2011 8:51:07 PM from WinCustomize Forums

Quoting Dr Guy,
I wonder if anyone is going to fall for the latest ploy?

I wonder how may are going to fall for the latest ploy.

April 20, 2011 4:04:31 AM from WinCustomize Forums

Didn't really correcting...but if your going to do it...

Quoting Uvah,
I wonder how may are going to fall for the latest ploy.

I wonder how many are going to fall for the latest ploy?

April 20, 2011 4:31:28 AM from WinCustomize Forums

DOH!

April 20, 2011 5:56:35 AM from WinCustomize Forums

I remember that in the thread about taking down the internet, people pooh-poohed the idea of 250,000 computers needing to be infected in order to do that.

What do you think now? 

April 20, 2011 6:35:55 AM from WinCustomize Forums

I think that if the Fed doesn't get a handle on this sort of thing real soon we all had better learn how to speak Chinese or Arabic or whichever one comes first. Probably Brooklynese. Those guys over there are nuts.

April 20, 2011 11:26:32 AM from JoeUser Forums

Quoting Uvah,

Quoting Dr Guy, reply 5 I wonder if anyone is going to fall for the latest ploy?

I wonder how may are going to fall for the latest ploy.

Quoting WebGizmos,
Didn't really correcting...but if your going to do it...


Quoting Uvah, reply 6 I wonder how may are going to fall for the latest ploy.

I wonder how many are going to fall for the latest ploy?

Quoting Uvah,
DOH!

Well I was going to give Uvah a kudos for correcting me, but do they go to WebGizmos now?
