US launches unprecedented legal attack on botnet

US law enforcement authorities have taken unprecedented legal measures to take down a botnet believed to have infected more than 2 million PCs.

The US Department of Justice and the FBI filed a civil complaint against the botnet’s operators and issued criminal seizure warrants for the servers that control the botnet, as well as a temporary restraining order allowing them to intercept communications from infected PCs in the US.

A statement from the DoJ described it as "the most complete and comprehensive enforcement action ever taken by U.S. authorities to disable an international botnet".

The botnet in question is known as Coreflood. It is believed to have been in operation for almost a decade, and is used to steal passwords and bank account details.

After the warrants had been issued, five "command and control" servers and 29 Internet domain names that were used to communicate with infected PCs were seized.

Interestingly, owners of PCs infected with Coreflood will be able to opt out of the restraining order, "if for some reason they want to keep Coreflood running on their computers".

Security company Symantec’s online database of malware threats lists a threat entitled Backdoor.Coreflood. First identified in 2003, the threat affects versions of Windows up to but excluding Vista, and its risk level is identified as "Very Low".

Ben Rossi
