URGENT >> BULLETIN >> MOVING: Prosecutors, FBI, U.S. Marshals Move Against ‘Coreflood’ Botnet; Seize 29 Domains, Execute Search And Seizure Warrants Amid Allegations Of Theft, Wire Fraud; Defense Contractor Allegedly Targeted By International Criminal Network

BULLETIN: A federal judge in Connecticut has authorized the seizure of 29 domain names tied to the alleged “Coreflood” botnet and malware network and ordered registrars and DNS providers to neutralize what prosecutors have described as a threat to U.S. national and economic security.

The judge ordered the network architecture to be nulled after reviewing allegations that large sums of money had gone missing from corporate bank accounts in at least four states. One of the targets of the cybercriminals was a U.S. defense contractor, according to the complaint.

In an extraordinary move, the judge ordered the U.S. Marshals Service to set up two “substitute server[s]” to intercept traffic and cripple the botnet’s ability to communicate with infected computers. The FBI was ordered to assist the marshals, if needed.

Coreflood is believed to have infected more than 2.3 million computers by installing keylogging software that opened doorways for criminals to steal passwords and remove money from bank accounts. Among the victims cited in court filings were the Tennessee-based defense contractor, a real-estate firm in Michigan, a law firm in South Carolina and an investment company in North Carolina.

In the case of the defense contractor, prosecutors said, the botnet was responsible for “fraudulent wire transfers” that attempted to siphon $934,528 and successfully stole $241,866. The real-estate firm was hit for $115,771 in fraudulent wire transfers. Meanwhile, the law firm was hit for $78,421, and the investment firm was hit for $151,201.

“The full extent of the financial loss caused by the Coreflood Botnet is not known, due in part to the large number of infected computers and the quantity of stolen data,” prosecutors said.

Thirteen “John Doe” defendants have been charged civilly, and criminal seizure warrants and search warrants have been executed, prosecutors said. The defendants are believed to be located “outside the United States,” according to court filings.

“Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation’s information infrastructure,” said Shawn Henry, executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch.

About the Author

2 Responses to “URGENT >> BULLETIN >> MOVING: Prosecutors, FBI, U.S. Marshals Move Against ‘Coreflood’ Botnet; Seize 29 Domains, Execute Search And Seizure Warrants Amid Allegations Of Theft, Wire Fraud; Defense Contractor Allegedly Targeted By International Criminal Network”

  1. Hands up anyone who thinks this event does anything more than expose the tip of very large iceberg in an even larger ice field

      (Quote)

  2. From 2008:
    Coreflood keeps on infecting under radar
    http://www.securityfocus.com/brief/791

      (Quote)

Leave a Reply