FBI Pulls the Plug on Coreflood Botnet

Coreflood is the latest botnet to get the axe. The FBI used unafraid, case law-setting maneuvers to ask the Corefloood botnet offline–reducing the volume of junk e-mail polluting your Inbox, and making the Internet a trifle safer.

A botnet is a network of infected computers (bots) that can beryllium controlled remotely by attackers for a diverseness of malicious purposes. Coreflood allows compromised Windows PCs to be accessed by attackers, enabling them to slip away sensitive personal and financial information in order to steal funds.

"Botnets and the cyber criminals who deploy them jeopardize the economic security measures of the United States and the reliableness of the Nation's information infrastructure," same Ted Shawn Joseph Henry, Executive Assistant Director of the FBI's Criminal, Cyber, Response and Services Branch in the Justice Department release describing the cause to shut down Coreflood. "These actions to mitigate the menace posed by the Coreflood botnet are the basic of their kind in the USA and reflect our commitment to being creative and active in making the Net more fix."

Dave Marcus, McAfee Labs research and communication theory director, explained that the cybercriminals behind Coreflood created a money machine with this botnet. Marcus says that it is difficult to estimate just how much money the botnet generated, simply that it likely in the tens of millions, and that it is not outside the realm of possibility that Coreflood could have raked in more than $100 million.

This is just the latest in a string of high-profile botnet takedowns. Waledac was killed in February of 2020, Bredolab was squinched down in November of last year, and Rustock–favorable a self-imposed hiatus over the holidays–was knocked offline in March of 2020. But, there are plenty more botnets where these came from.

In a blog spot, Gunter Ollmann, Research VP for Damballa, is particularly affected with the prompt by the FBI to obtain a temporary restraining order authorizing the government to respond to signals conveyed from PCs compromised by Coreflood to order the malicious agent to shut down.

Ollmann says, "What does this mean? Intimately, the DoJ was allowed to impersonate the commanding servers and ship a "Kibosh" command to the botnet agents that were bound to the 5 illegal CnC servers. This is common law scene.

McAfee's Marcus said, "We commend and reenforcement the actions subsequent in the takedown of the Coreflood botnet and the cybercriminals that die hard it. This is the type of activity that needs to happen to make the Internet a safer range."