FBI hijacks Coreflood botnet

Swaps command servers with their own.

US authorities claim to have replaced the command and control servers of the Coreflood botnet with their own kit in an effort to weaken the impact of the decade-old threat.

The US Department of Justice (DOJ) and the FBI seized five command and control servers and 29 domain names used by the botnet, according to a statement issued Wednesday.

Authorities were granted permission to swap the servers after gaining a temporary restraining order (TRO) on the machines hosting the software. It was hoped authorities could thus prevent the botnet's operators from updating software on victim systems and continuing to avoid detection by antivirus vendors.

"The TRO authorises the government to respond to these requests from infected computers in the United States with a command that temporarily stops the malware from running on the infected computer," the DOJ said.

Coreflood, one of the oldest botnets in continuous operation, was unique, according to Joe Stewart, director of research for Dell SecureWorks.

Motives have morphed over time - from simple DDoS to selling anonymity services and even to bank fraud. Over the course of the decade, Coreflood has infected businesses, hospitals, government and a state police agency.

The botnet was capable of infecting an entire domain in one hit and used a MySQL database to track infections, according to Stewart, who uncovered a 50GB database of stolen credentials the botnet had collected in the two years to 2008.

Full Story:
http://www.itnews.com.au/News/254437,fbi-hijacks-coreflood-botnet.aspx

Additional details:
http://www.justice.gov/opa/pr/2011/April/11-crm-466.html


Cheers Don...

===================


--
Don McKenzie

Dontronics Blog:     http://www.GodzillaSeaMonkey.com