Department of Justice and FBI Take Down Huge Coreflood Botnet

Score one for the good guys this week as the FBI and US Department of Justice unleashed a powerful and quick take down of the “Coreflood” botnet.

Coreflood was a massive international network of more than two million infected computers. The Coreflood botnet was used to empty bank accounts, steal sensitive corporate data and siphon off untold amounts of financial data.

This is a huge victory, as this particular botnet has been in operation for 10 years. This is not just a simple computer virus infection we’re talking about here. This was a systematic capture-and-drain scheme used to wire transfer money from your account to their account. Attorneys, contractors, small business owners and individuals were all victims of these thieves.

The Coreflood name comes from the well-known trojan used by these bloodsuckers to form the bot network of infected computers. This zombie army, with 29 domain names and 5 command and control servers, was slammed to a halt by a fast-acting US Attorney’s Office in Connecticut.

The physical seizure of five servers and the accompanying complaints filed against 12 John Does mark the end of a 10-year crime empire. It’s believed that while the servers and zombies are located here in the US, the real brains of the group are located in Russia. This is the same situation as was noted last month with Microsoft’s takedown of the long-hunted Rustock botnet.

In addition to the search warrants issued for the seizure and the criminal complaints that were filed, the US Department of Justice was able to obtain a temporary restraining order allowing it to respond to infected computers within the US and effectively stop the malware from running on them. This combination of legal and technical strategies represents a new and innovative approach to rescuing the hijacked PCs and crushing the server control centers.

According to Assistant Attorney General Lanny A. Breuer of the Criminal Division of the Department of Justice, this innovative and effective approach will continue. “Law enforcement will continue to use innovative and responsible actions in our fight against cyber criminals and at the same time, we urge consumers to ensure they are continually taking prudent measures to guard against harm, including routinely updating anti-virus security protection.”

This is a big victory, but don’t think for a minute that Coreflood is completely erased from the Internet. With this monster’s brains located outside of the U.S., you can bet that reconstruction and morphing are already under way. To do your part and protect your credit cards, savings and checking accounts, be sure you are protected with a good, solid real-time antivirus. Make certain it is updated regularly and frequently. In addition, keep your firewall on and use a router.


SC Mag




16 thoughts on “Department of Justice and FBI Take Down Huge Coreflood Botnet”

  1. This sucks!!! I try to leave a comment but as always a box pops up that wants me to sign into Facebook! Trouble is the damn thing doesn’t work! I can even have my Facebook page open in another window and be logged in, but I always get the same message saying that the page can’t be displayed while trying to sign in using the popup box!!! You need to fix it or get rid of it altogether….. Better idea?

  2. Protect me from the self righteous motormouths who lurk on websites and ALWAYS have something positive to contribute. Note the sarcasm you dunderheads.

  3. I’d like to know what a Linux is and how to switch from Windows. I suspect it’s a new program I’d have to buy - right? I’m not that computer savvy.

  4. I strongly suggest that you have several types of antivirus on your computer. Only run one full time. But once a week or month, run scans with the other two. This will strongly increase your chances of not getting a virus or malware.

    I use Microsoft Essentials and run it all the time, and Malwarebytes and Panda as the weekly runs.

  5. You can use a program to block all IPs from a specific country. I already use it, it works fine, and Russia and China are among those I block 🙂

    1. Blocking foreign IP addresses is a good thing, but the servers were over here. Your computer would never know about a foreign IP in this case.

  6. Inspector Clouseau

    Oh come on, guys. The DOJ does something good and important and you sit back on your Barcaloungers and complain. Kudos for the DOJ. Plus, do you really know that this blogger knew all of what happened or reported it? Maybe the DOJ has notified those victims. You just don’t know. Try giving credit where credit is due. You’ll feel much better in the long run!

  7. So now when*) my computer suddenly acts more responsive without any tinkering on my part I can add one more explanation to the list: Oh, maybe the government shut down some spam-spewing program on it without telling me – {shudder.}
    *)”when” because it’s a sometime thing…

  8. Aren’t the Ruskies our pals any longer?

    And when is “superman” going to halt the MILLION$ being pilfered by ransomware based on foreign shores? On second thought, maybe the mindless masses can’t be protected from their stupidity.

    It would appear the paranoia exhibited by George C Scott in Dr Strangelove is still warranted.

    1. Inspector Gadgets

      @jack spratt: The Roosky government may be our friends, but think of all the trained KGB hackers that may not have a job anymore and the Russian crime syndicates being what they are, and you can see how (just like all our friendly Middle Eastern governments) just because the governments get along means nothing for the masses. Just saying.

  9. I only have a software firewall in place and not a physical firewall. Can I use a router when I have a dial-up internet connection? And, if so, how?

  10. And of course they are notifying everyone that was infected by this, right?
    Or are they not, and letting the poor victims just live in the dark, all of them ready to be taken over by the next attack that probably already happened? It took them 10 years to crack this case, so what does that really say about the people they hired? To me it says they didn’t hire anyone but the bottom-level dregs, and those at the top in charge weren’t any better.
    I still want to know about the people that were infected: were any of them ever notified, did any of them get their computers cleaned? Hell, I could be one of the victims and will never know. Even with all the supposed security programs I have running, they never find anything on their own; nope, it’s only after I force a scan that anything shows up, and even then it’s not everything wrong or dangerous, as I learned more than once already. Sometimes the only cure is a brand new hard drive or a brand new computer.

  11. I am quite happy that the govt is going after these ne’er-do-wells. However, is it closing the barn door after the horse has escaped?

    We have MILLIONS of maniacs in unregulated countries doing or planning the same. Include Communist China. Why not just shut them off until/unless the powers FIX the issues internally?
