FBI hijacks Coreflood botnet
Swaps command servers with their own.
US authorities claim to have replaced the command and control servers of the Coreflood botnet with their own kit in an effort to weaken the impact of the decade-old threat.
The US Department of Justice (DOJ) and the FBI seized five command and control servers and 29 domain names used by the botnet, according to a statement issued Wednesday.
Authorities were granted permission to swap the servers after obtaining a temporary restraining order (TRO) covering the machines hosting the software. The aim was to prevent the botnet's operators from pushing updates to the malware on victim systems, updates that would otherwise let it keep evading detection by antivirus vendors.
"The TRO authorises the government to respond to these requests from infected computers in the United States with a command that temporarily stops the malware from running on the infected computer," the DOJ said.
Coreflood, one of the oldest botnets in continuous operation, was unique, according to Joe Stewart, director of research for Dell SecureWorks.
Motives have morphed over time - from simple DDoS to selling anonymity services and even to bank fraud. Over the course of the decade, Coreflood has infected businesses, hospitals, government and a state police agency.
The botnet was capable of infecting an entire domain in one hit and used a MySQL database to track infections, according to Stewart, who uncovered a 50GB database of stolen credentials the botnet had collected in the two years to 2008.
Cheers Don...
===================