FBI disables ‘Coreflood’ botnet, seizes servers
WASHINGTON – US authorities have disabled a vast network of virus-infected computers used by cyber criminals to steal passwords and financial information, the Justice Department and FBI announced Wednesday.
The “Coreflood” botnet is believed to have operated for nearly a decade and to have infected more than two million computers around the world, they said in a joint statement.
The Justice Department and FBI said charges of wire fraud, bank fraud and illegal interception of electronic communications had been filed against 13 suspects identified in court papers only as John Doe 1, John Doe 2, etc.
Five computer servers and 29 Internet domain names were seized as part of the operation, described as the “most complete and comprehensive enforcement action ever taken by US authorities to disable an international botnet.”
A botnet is a network of malware-infected computers that can be controlled remotely from other computers to carry out attacks or other operations.
Coreflood, which exploited a vulnerability in computers running Microsoft’s Windows operating systems, was used to steal usernames, passwords and other private personal and financial information, US officials said.
“The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes,” US attorney David Fein said.
“These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure,” said Shawn Henry of the FBI’s Criminal, Cyber, Response and Services Branch.
In July of last year, US, Spanish and Slovenian law enforcement authorities announced the arrest of the suspected creator of the “Mariposa Botnet,” which may have infected as many as eight million to 12 million computers around the world.