U.s Counter Crime Agencies Disable Coreflood Botnet

By Author: eccuni
Total Articles: 211
Comment this article

Recently, counter crime and law enforcement agencies in United States (U.S) seized five command and control (C&C) servers and 29 web domains. The seized servers and domains were used by the creators of an international botnet, which infected millions of computers worldwide. The computers were infected with a malicious software program called Coreflood by exploiting security flaws in computers running Windows operating system. According to the civil complaint filed by the U.S Attorney Office for the District of Connecticut, as of February last year, around 2,336,542 compromised computers were used by Coreflood botnet worldwide and around 1,853,005 of those were located in U.S.

The malicious software allows attackers to remotely control and command the affected computers to extract sensitive personal and financial information related to users, including those on corporate networks. The botnet records key strokes of the users of compromised computers. The gathered information is then used to steal funds. According to the filing, the victims included a Michigan based real estate company, a South Carolina based law firm, ...
... an investment company based in North Carolina and a defense contractor based in Tennessee, whose bank accounts were used for fraudulent wire transfers of around $115, 771, $78,421, $151,201 and $241,866 respectively. The country faces a shortage of cyber security experts such as those qualified in IT degree programs, computer forensics, incident management, system administration and network administration to deal with the growing menace of cybercrime.

The action against Coreflood botnet was initiated after Department of Justice (DOJ) and Federal Bureau of Investigation (FBI) received search warrants for computer servers, and seizure warrants against 29 domain names from the U.S District Court in Connecticut. The court also granted temporary restraining order, which allows government to respond to requests from the affected computers in the U.S to temporarily prevent the malware from functioning. The government and the FBI were assisted by Microsoft and the Internet Systems Consortium among many others in disabling the existing Coreflood botnet.

Microsoft has updated the Malicious Software Removal Tool to protect users against the malware. Cybercriminals constantly improvise their modus operandi to bypass preventive mechanisms. In this case, the attackers released a new variant of Coreflood malware prompting the government to file a supplemental memorandum in the court. The memorandum stated that government action on the malware would only be effective against the older variants of Coreflood and not so against new variants of the malware released in the last few days. However, the taking down of botnet would minimize the capability of the perpetrators of crime to update the malware. Security professionals need to constantly update their skills through online IT degree programs to combat the sophisticated Internet-based threats.

Internet users may gain insights on cyber security practices through e-tutorials, security blogs and online IT courses. Repeated error messages, slowing down, arbitrary restart or shut down and pop-up ads on desktop indicate that a system is affected with malware. Internet users must install, update and regularly scan their systems with anti-virus and anti-malware programs to safeguard their computer systems.