The U.S. Department of Justice and FBI have disabled Coreflood, a decade-old botnet that's infected more than 2 million private computers, by seizing and replacing five command and control servers and 29 domain names used by the botnet, the Department of Justice said in an April 13 press release.

Coreflood has compromised numerous victims' bank accounts by stealing their user names, passwords and other personal financial information, the government said. The malware is designed to record keystrokes and control a victim's computer remotely via one of its command and control servers.

Targeted accounts include payment cards serviced by credit unions, Dell SecureWorks Director of Threat Intelligence Don Jackson said. He added that Coreflood operators also reached some CUs by infecting the machines of companies and organizations they were chartered to serve.

The U.S. Attorney's Office for the District of Connecticut filed a civil complaint dated April 11 against 13 “John Doe” defendants alleging that they had committed “wire fraud, bank fraud and illegal interception of electronic communications” and obtained a temporary restraining order to seize Coreflood, the statement read.

The temporary restraining order, which the FBI New Haven Field Office posted on its website, allows U.S. authorities to send each infected computer a command that will shut off the malware's operations. It also gave officials permission to set up a replacement server at Internet hosting provider Internet Systems Consortium from which they could execute the stop commands.
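Once the command and control domains of a botnet have been seized and pointed at a replacement server, infected machines keep trying to resolve those names, which is what lets a network owner (a credit union, or a sponsor company whose employees bank there) find the hosts that still need cleaning. The following is an added example, not code from the article or from the FBI/ISC operation: it scans BIND-style resolver query log lines for lookups of seized domains and reports each client and how often it beaconed. The log format, the client addresses and the domain names are all constructed for the example; the article does not list the 29 seized names, so placeholder `.invalid` domains stand in for them.

```python
"""Find hosts still querying seized botnet C2 domains in resolver query logs.

Added example, not part of the original article. The log line format is the
BIND querylog style and is assumed here; the domains and addresses are
constructed placeholders, not the real Coreflood indicators.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, Optional, Set

# Placeholder stand-ins for the seized domains (the article does not list them).
SEIZED_C2_DOMAINS: Set[str] = {
    "c2-seized-example-1.invalid",
    "c2-seized-example-2.invalid",
}

# Constructed sample log lines in BIND querylog format.
SAMPLE_QUERY_LOG = """\
13-Apr-2011 09:12:01.123 client 10.20.1.15#51234: query: c2-seized-example-1.invalid IN A + (10.20.0.2)
13-Apr-2011 09:12:04.551 client 10.20.1.15#51240: query: www.example.com IN A + (10.20.0.2)
13-Apr-2011 09:13:02.004 client 10.20.1.15#51244: query: c2-seized-example-1.invalid IN A + (10.20.0.2)
13-Apr-2011 09:15:41.900 client 10.20.3.77#40001: query: mail.example.org IN MX + (10.20.0.2)
13-Apr-2011 09:16:00.000 client 10.20.4.9#33333: query: sub.C2-Seized-Example-2.invalid. IN A + (10.20.0.2)
"""

# Pulls the client address and the queried name out of one querylog line.
QUERY_RE = re.compile(
    r"client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(qname: str) -> str:
    """Lower-case the name and drop a trailing root dot so comparisons are exact."""
    return qname.rstrip(".").lower()


def matched_domain(qname: str, seized: Set[str]) -> Optional[str]:
    """Return the seized domain that qname equals or sits under, else None.

    Subdomain matching matters because bots often prepend labels to a base
    domain, so an exact-match list alone would miss them.
    """
    name = normalize(qname)
    for domain in seized:
        if name == domain or name.endswith("." + domain):
            return domain
    return None


def find_infected_hosts(
    log_lines: Iterable[str], seized: Set[str] = SEIZED_C2_DOMAINS
) -> Dict[str, Dict[str, int]]:
    """Map each client IP that queried a seized domain to {domain: query count}.

    Lines that do not parse, and queries for unrelated names, are skipped.
    """
    hits: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        match = QUERY_RE.search(line)
        if not match:
            continue
        domain = matched_domain(match.group("qname"), seized)
        if domain is None:
            continue
        hits[match.group("ip")][domain] += 1
    # Convert nested defaultdicts to plain dicts for a stable return type.
    return {ip: dict(counts) for ip, counts in hits.items()}


if __name__ == "__main__":
    for ip, counts in find_infected_hosts(SAMPLE_QUERY_LOG.splitlines()).items():
        for domain, n in counts.items():
            print(f"{ip} queried seized domain {domain} {n} time(s); schedule cleanup")
```

Run against the resolver's query log for the days after the seizure; a host that keeps beaconing is a machine the stop command has not yet reached or that is still carrying the malware, and it should be isolated and reimaged rather than left to rely on the takedown alone.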

The first-of-its-kind government move follows a major bust of account-raiding cyber thieves last fall in New York, who were arrested for using Zeus Trojan malware to steal at least $3 million from bank accounts.

“The actions announced today are part of a comprehensive effort by the department to disable an international botnet, while at the same time giving consumers the ability to take necessary steps to protect themselves from this harmful malware,” Assistant Attorney General Lanny A. Breuer of the Criminal Division said in the statement.

The government promised that the Coreflood intervention would not compromise infected computer users' private information, stating, “At no time will law enforcement authorities access any information that may be stored on an affected computer.”

Officials also said it would give users the option to opt out of the temporary restraining order should they wish for some reason to continue running Coreflood on their computers.

Jackson said many experts agree the government takedown was successful and well thought-out, and that it set an example for a promising new response model.

“All options regarding the interaction with infected computers were carefully analyzed for possible unintended consequences, and sound decisions were made to protect the owners and users at all cost,” Jackson said. “Evidence suggests that the same inscrutable attention to detail was given to legal and political issues as well, not just the technical ones.”

He explained that Coreflood operators affected credit unions by stealing data from companies and organizations with a large number of employees belonging to the same credit union.

“Let's say a credit union is chartered to serve telephone company employees and the office network inside the telephone company headquarters–staffed by 5,000 credit union members–is infected by Coreflood,” Jackson gave as an example. “That credit union is likely to be disproportionately affected by related fraud.”


Natasha Chilingerian