
Thanks to over a hundred updates, the Coreflood botnet survived and evolved for 10 years. It is estimated to have stolen up to $100M USD.  (Source: V3)

The hackers involved are suspected of being located in Russia. It is very possible that they will get away with their massive loot.  (Source: Richard Kiwi)
A civil complaint has been filed against 13 foreign nationals, but there is no guarantee they won't get away with the loot

It took ten years, but the U.S. has finally killed [press release and court documents] a notorious botnet built by an ever-evolving piece of malware known as "Coreflood".  The botnet had been active since 2001, slowly amassing an arsenal of some 2 million infected computers worldwide with the help of other malware.  It is responsible for stealing an estimated $100M USD worldwide from businesses and individuals.

A botnet is a group of infected machines that a remote operator controls through command-and-control (C&C) servers.  The operator can coordinate them to steal information from the machines' users, or use them to distribute malicious files, spam, phishing emails, and other unwanted content.

The creators of Coreflood took special care in honing their attack package.  What began as a trojan received over 100 updates, eventually gaining viral characteristics and the ability to steal passwords and credit card information.

The creators of the botnet used it as a vehicle to harvest information pertaining to bank accounts.  Using that information they initiated thousands of fraudulent banking and wire transactions.  A complaint filed in the U.S. District Court for the District of Connecticut reveals details of some of the losses -- a real estate company in Michigan lost $115,771 USD, a South Carolina law firm lost $78,421 USD, and a Tennessee defense contractor lost $241,866 USD.

It is believed that the botnet was run by at least 13 individuals operating out of Russia.  Alan Paller, director of research at the SANS Institute, a cybersecurity research and training organization, told Reuters, "We're pretty sure a Russian crime group was behind it."

The feds' long battle with Coreflood and the cybercriminals behind it finally turned when agents seized the command-and-control servers and domain names the botnet relied on.  The DOJ's press release states, "The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes."

The final blow against Coreflood came this month, when agents completed their reverse engineering of the malware and, under a court order, answered the infected machines' check-ins with a command that instructed the Coreflood software to stop running, cutting off the flow of stolen data.  The machines themselves were not shut down; only the malware was.

The feds' ability to kill Coreflood was the result of lessons learned in past incidents.  In March, following a suit by Microsoft Corp. (MSFT), federal agents raided a hosting service and seized the servers controlling the Rustock spam botnet.  Without its backbone, Rustock essentially died, taking approximately half of U.S. spam with it.

According to court documents, the decision to reverse engineer the malware and send a stop command to the infected machines was inspired by a technique used by Dutch police in a separate case.  It was the first time such a technique had been employed in the U.S.
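To make the mechanics of this kind of takedown concrete, here is an added toy model (not Coreflood's real protocol, and not the FBI's tooling; the hostname, command format and key are all assumptions made for the demo). Bots beacon to a hard-coded C&C hostname and do whatever the reply says; a court-ordered domain seizure repoints that hostname at a sinkhole, which answers every beacon with "stop". The model also shows the caveat a practitioner should keep in mind: the trick works only because the bots trust whatever the hostname resolves to. A hypothetical variant that authenticates commands with a key the sinkhole does not hold ignores the stop command and keeps beaconing, so the sinkhole can still identify infected hosts but cannot disable them.

```python
"""Toy model of a botnet takedown by domain seizure plus a 'stop' command.

Added example: this is not Coreflood's real protocol or the FBI's tooling. The
hostname, command format and key are all assumptions made up for the demo.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

CC_DOMAIN = "cc.example.invalid"      # hypothetical C&C hostname the bots hard-code
OPERATOR_KEY = b"operator-secret"     # hypothetical key only the criminal operators hold


def sign(cmd: str) -> str:
    """MAC over a command so a bot can tell operator commands from anyone else's."""
    msg = json.dumps({"cmd": cmd}, sort_keys=True).encode()
    return hmac.new(OPERATOR_KEY, msg, hashlib.sha256).hexdigest()


class CriminalC2:
    """The operators' server: every beacon is answered with 'keep uploading'."""
    def handle(self, beacon: dict) -> dict:
        return {"cmd": "upload", "mac": sign("upload")}


@dataclass
class Sinkhole:
    """Substitute server standing in for the seized C&C: answers every beacon with 'stop'.
    It cannot sign commands because it does not have OPERATOR_KEY."""
    beacons: list = field(default_factory=list)

    def handle(self, beacon: dict) -> dict:
        self.beacons.append(beacon)   # beacon logs are what identify infected hosts for notification
        return {"cmd": "stop"}


class DNS:
    """Minimal resolver; seizing a domain means repointing it at the sinkhole."""
    def __init__(self) -> None:
        self.table: dict = {}

    def resolve(self, name: str):
        return self.table[name]

    def seize(self, name: str, sinkhole: Sinkhole) -> None:
        self.table[name] = sinkhole


@dataclass
class Bot:
    """Models the trusting behaviour: obeys whatever the C&C hostname resolves to."""
    bot_id: str
    running: bool = True
    uploads: int = 0

    def beacon(self, dns: DNS):
        if not self.running:          # a stopped bot no longer phones home
            return None
        reply = dns.resolve(CC_DOMAIN).handle({"id": self.bot_id})
        self.apply(reply)
        return reply["cmd"]

    def apply(self, reply: dict) -> None:
        if reply["cmd"] == "stop":
            self.running = False
        elif reply["cmd"] == "upload":
            self.uploads += 1


class SignedBot(Bot):
    """Same bot, but obeys only commands carrying a valid MAC. A sinkhole cannot stop it."""
    def apply(self, reply: dict) -> None:
        expected = sign(reply["cmd"])
        if not hmac.compare_digest(expected, reply.get("mac", "")):
            return                    # unauthenticated command: ignore it and keep beaconing
        super().apply(reply)


def simulate(bot_cls=Bot, n_bots: int = 3, rounds: int = 3) -> dict:
    """Run `rounds` beacon rounds against the criminal C&C, seize the domain, run `rounds` more."""
    dns, sink = DNS(), Sinkhole()
    dns.table[CC_DOMAIN] = CriminalC2()
    bots = [bot_cls(f"bot{i}") for i in range(n_bots)]
    for _ in range(rounds):
        for b in bots:
            b.beacon(dns)
    dns.seize(CC_DOMAIN, sink)       # the court-ordered step: hostname now points at the sinkhole
    for _ in range(rounds):
        for b in bots:
            b.beacon(dns)
    return {
        "still_running": sum(b.running for b in bots),
        "uploads": sum(b.uploads for b in bots),
        "beacons_at_sinkhole": len(sink.beacons),
    }


if __name__ == "__main__":
    print("trusting bots :", simulate(Bot))        # all stopped after one sinkhole round
    print("signed bots   :", simulate(SignedBot))  # sinkhole only sees beacons; bots keep running
```

The first run is the Coreflood case: after the seizure each bot beacons once, receives "stop" and goes quiet, so the sinkhole sees exactly one beacon per bot and no further uploads happen. The second run shows why defenders cannot assume this will always work: the signed bots keep beaconing (the sinkhole log still reveals every infected host, which is useful for victim notification) but never stop, and would resume uploading as soon as the operators stood up a new server under a domain they control.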

Mr. Paller applauds the efforts of the U.S. Department of Justice (DOJ) and the U.S. Federal Bureau of Investigation (FBI), stating, "This was big money stolen on a large scale by foreign criminals. The FBI wanted to stop it and they did an incredibly good job at it."

The Connecticut court's civil complaint was filed by the U.S. DOJ against the 13 foreign individuals believed to be running the botnet.  A criminal investigation is ongoing, and charges may follow.

Unfortunately the cybercriminals who masterminded the scheme appear to be outside U.S. jurisdiction -- likely in Russia.  Given the Russian government's questionable resolve on cybersecurity, it's possible that those involved will get away with the loot.


hmm
By bh192012 on 4/14/2011 1:18:52 PM , Rating: 5
Am I the only one who read that title and thought, "They killed a botnet, and a 10 year old?"

RE: hmm
By YashBudini on 4/14/2011 1:21:58 PM , Rating: 2
Poorly placed comma.

RE: hmm
By headbox on 4/14/11, Rating: -1
RE: hmm
By morphologia on 4/14/2011 3:06:02 PM , Rating: 5
It must really take a faithful devotion to absolutely useless commentary to think that your opinion of how DT does things matters at all.

Criticizing a newsblog for repeating news from around the world - which about 90% of news sites do - and calling it a failing on their part, are you really that dense? There's a very small portion of original news sources that are quoted, cited and referred to by EVERYONE ELSE IN THE WORLD.

Do you really think that every news outlet should only publish their own exclusive stories? There's not enough news in the world for that, and no one cares about anything but the major stories anyway.

As for your Mac crack, the answer is because (a) you can't know that for sure, since there's enough emulation, cross-compatibility and sheer ignorance among Mac users and software that Macs could have been involved, and (b) because it's not important, except to howling fanbois (on both sides of the debate).

Now that I have provided you with much-needed education, perhaps you can contribute something besides inane pseudo-journalistic criticism to this discussion.

RE: hmm
By nstott on 4/14/2011 3:22:06 PM , Rating: 3
and calling it a failing on their part, are you really that dense?

Yes. He/She/It is.

RE: hmm
By YashBudini on 4/15/11, Rating: -1
RE: hmm
By nstott on 4/14/2011 3:18:11 PM , Rating: 4
When you're rewriting someone else's press release and calling it "news", you don't have time for proofreading. Lack of an editor (or MS Word error correction) is a DT trademark.

And yet you still come back for more...

btw- why didn't he mention none of the infected computers were Macs?

There are so many ways to answer this (other DT people, please feel free to add more):

A. Because he was afraid that mactards like you would spaz out and hurt yourselves.

B. Because Macs are for people who don't know how to use computers, and the cyber criminals know that all of the money is more likely to be in mommy and daddy's bank accounts. Wanna lollipop?

C. For the same reason he didn't mention that you have gonorrhea: It's irrelevant.

RE: hmm
By KoolAidMan1 on 4/14/2011 9:56:52 PM , Rating: 1
Wealthy people and media businesses own Macs. Loads of cash to be had there. Other places with loads of money on their hands use Linux, things like trading desks, hedge funds, and exchanges.

Either the criminals thought it was easier to break through the swiss cheese security of Windows XP run by "the little guy", it being hands down the most insecure modern OS ever, or they loved money but they didn't love it too much.

I reckon its the former.

It isn't brain surgery why XP has been the #1 target for malware. Being admin/root by default is a security disaster. So glad that Vista and Windows 7 caught up with OSX/Linux and fixed this, now the main vector for malware on Windows is Java/Flash/the-rest-of-Adobe's-crap/any-other-plugin-you-can-think-of.

RE: hmm
By B3an on 4/15/2011 6:09:24 AM , Rating: 1
now the main vector for malware on Windows is Java/Flash/the-rest-of-Adobe's-crap/any-other-plugin-you-can-think-of.

That's not true. Regardless of what the iSheep/Jobs say, Flash isn't much of a security risk. Although I can certainly understand Jobs being worried about Flash anyway, being as OSX isn't exactly a shining example of a secure OS.

The biggest threat by far to Vista/7 or any OS is the users. At least 98% of malware/viruses must be from people downloading executable files, fake software and all kinds of stuff, ignoring the security messages, and installing it. I used to fix hundreds of machines a year because people do this; half of them often had anti-virus/malware protection software running, but that's obviously completely useless against the user.

Literally 3 hours ago this happened to a friend, again: they just downloaded some random "video acceleration" software that popped up in an advertisement, which installed malware and made every site link they clicked on go to some dodgy site.
I've actually never seen a case where Vista/7 64-bit seem to have been compromised because of a security flaw in the actual OS.

RE: hmm
By KoolAidMan1 on 4/15/2011 2:13:45 PM , Rating: 2
Trojans will always be a security risk, absolutely. There is nothing to stop people from executing software that can harm their computer, but at least it now requires an elevation of user rights and it is a little harder for that to happen.

That said, Java/Flash/Reader are still the easiest vectors for malware outside of a user running malicious software himself. Just last week there were stories (again) of zero-day exploits within Flash. It isn't a matter of fanboyism or whatever, it is a problem that Adobe and Sun are constantly having to address.

Fortunately Microsoft has the vectors for malware plugged up well within their own OS, now the rest lies upon users and the companies that make third party plug-ins.

RE: hmm
By rudy on 4/15/2011 2:55:49 PM , Rating: 2
Of course it is not brain surgery but apparently it is beyond you. This is a simple matter of numbers.

Let me see: build a virus that targets Mac, Linux or both and then see if I can get 2 million infections. Let's say that every person in the US has a computer, 300 million, and let's generously say that 10% of them own a Mac or Linux machine. That is 30 million; now you must infect 6.7% of them to achieve that. As far as I know no virus has ever in the history of computers infected 6.7% of computers. Now take Windows: 270 million users, less than 1% of the population needs to be infected over a 10 year period.

If you are any one with half a brain what customer base are you going after? 90% or the rest?

Don't worry though now that macs are on the incline we are already seeing that they are becoming a target.

Let's look at another thing: there is a market where Linux has a huge share, that is in web servers. In web servers, attacks and compromised web servers are commonplace; it has happened to me personally, and has happened on my servers without me personally being infected, multiple times since I started running websites. Anyone who knows anything about web hosting knows for sure that there is nothing inherently secure about Linux; it is hit by exploits all the time.

And as always with either desktop or server OS the most common cause is the users not the OS, and of course not keeping your programs and scripts up to date.

RE: hmm
By KoolAidMan1 on 4/18/2011 4:01:39 AM , Rating: 1
Wow, I liked the rest of your post, too bad you had to open up with an incredibly shitty opening. Congrats!

RE: hmm
By RedemptionAD on 4/15/2011 11:27:09 PM , Rating: 3
"Windows is like a house in the bad part of town with bars over the windows and Mac is like living in a house in the country without any locks on the doors." ~The bottom of dailytech pages. Put the windows house in the country and it would be impossible to break into. Put the mac house in the windows part of town and a stray cat could break in.

RE: hmm
By drycrust3 on 4/14/2011 4:01:17 PM , Rating: 2
why didn't he mention none of the infected computers were Macs

Yes, I noticed there was no mention of Microsoft, Windows, or IE as well. Each of those firms that lost money could have downloaded a free Linux distribution like Ubuntu and used that for most of their business, and not only been totally ignorant of the botnet, but been unaffected by it as well.
The sad part is that while the management at those firms probably didn't know about Linux, their IT people would have, and should have got them using it for most or all of their day to day business.
Probably the reason no mention was made that users of free Linux distributions or Mac weren't affected is because lots of people like to perpetuate the myth that Windows (any version) is essential in the modern office environment, although my observation is that it isn't.

RE: hmm
By Reclaimer77 on 4/14/2011 4:09:16 PM , Rating: 4
btw- why didn't he mention none of the infected computers were Macs?

Because Macs aren't good at making money, even if it's stealing it. Which explains why Windows has a 99% market share in businesses.

RE: hmm
By ipay on 4/19/2011 12:13:27 PM , Rating: 1
Same reason he didn't mention none of the infected computers were Amigas?

RE: hmm
By aguilpa1 on 4/14/2011 1:24:30 PM , Rating: 2
LOL, me too, and then the thought of a 6 year old getting pat-down searched. I have been reading too many news articles.

RE: hmm
By DJ Brandon on 4/14/2011 8:00:33 PM , Rating: 2
I thought a ten year old wrote the virus lol

RE: hmm
By geekman1024 on 4/15/2011 2:51:55 AM , Rating: 4
Actually, this is what I thought: A 10 year old kid set up a botnet with 2 million PCs, and both the kid and the botnet were killed. The killer stole up to $100M from the kid.

RE: hmm
By priusone on 4/15/2011 12:16:47 PM , Rating: 2
Gotta love how the brain works. Was drinking coffee with a friend when I read the title, and I guess I had a WTF expression since she asked what was the matter.

If They Reverse-Engineered...
By mmatis on 4/14/11, Rating: 0
RE: If They Reverse-Engineered...
By ekv on 4/14/2011 1:26:06 PM , Rating: 2
Ironic, no?

Citizens are easier to prosecute. Non-citizens would be more difficult, and nobody likes hard cases.

Btw, it would've been nice to have read a more technical description of how the botnet was reverse engineered. Or at least a link to the Dutch operation, e.g.

RE: If They Reverse-Engineered...
By Solandri on 4/14/2011 2:15:38 PM , Rating: 2
they are clearly in violation of DMCA

I think the DMCA is as much a piece of crap as you do, but they did think of this possibility ahead of time when they were crafting it. The DMCA has a specific exemption for this:
(e) LAW ENFORCEMENT, INTELLIGENCE, AND OTHER GOVERNMENT ACTIVITIES- This section does not prohibit any lawfully authorized investigative, protective, information security, or intelligence activity of an officer, agent, or employee of the United States, a State, or a political subdivision of a State, or a person acting pursuant to a contract with the United States, a State, or a political subdivision of a State.

RE: If They Reverse-Engineered...
By omnicronx on 4/14/2011 3:17:04 PM , Rating: 3
How exactly can a virus/trojan etc. that are most likely not covered by US copyright law be in violation of the Digital Millennium COPYRIGHT Act???

RE: If They Reverse-Engineered...
By kleinma on 4/14/2011 3:58:36 PM , Rating: 3
are you dumb or just stupid?

Show Biz
By Mouth on 4/14/2011 12:30:55 PM , Rating: 4
I think one of these guys is playing the Russian with the miniature golden giraffe in the Directv commercials.

RE: Show Biz
By YashBudini on 4/14/2011 1:18:54 PM , Rating: 2
You know Paget Brewster is somehow involved in all of this.

RE: Show Biz
By ARoyalF on 4/14/2011 11:57:01 PM , Rating: 2
LOL, the Guy that says "I am epic win" in faux Russian accent.

Only 100M USD????
By croc on 4/15/2011 5:02:38 AM , Rating: 2
Those russians need to learn how to REALLY steal money... Like Goldman-Sachs, Merril, et al. Why, 100M USD is chump change in Wall Street theft terms... And the russians didn't even come CLOSE to causing a global financial melt-down. But guess who'll get the jail time? The big fish or the small pikers???

Thank heavens that AUS still has some banking regulations left...

RE: Only 100M USD????
By YashBudini on 4/15/2011 12:51:07 PM , Rating: 2
Steal a wallet go to jail. Cause a global economic meltdown get a bonus.

These are the actions of a banana republic.

RE: Only 100M USD????
By Belard on 4/16/2011 10:34:10 PM , Rating: 2
As well as those on Wall Street, Koch Industries, BP, Exxon and many other fortune 500 companies.

If only
By YashBudini on 4/14/2011 1:24:03 PM , Rating: 2
Had the botnet been traced back to Wall St the government would have been passing out bonuses.

RE: If only
By dowen777 on 4/14/2011 1:41:56 PM , Rating: 2
Additionally, there would have been a multi-billion dollar bailout for any expenses incurred while ripping us all off.

Well if you're gonna steal from someone...
By BugblatterIII on 4/14/2011 8:01:42 PM , Rating: 2
agents, lawyers and arms manufacturers aren't a bad choice...

By espaghetti on 4/14/2011 10:33:41 PM , Rating: 2
You sound fortunate enough to have never needed any of those services or products.
I however, needed a lawyer a few times and they aren't cheap.
I can't imagine someone ripping them off convinced them to lower the prices on their services to other people.
Finally,I wouldn't want to be on the wrong side of someone who makes guns or explosives for a living.

I'm just thinking out loud..sorry

A fool and his money...
By EricMartello on 4/14/2011 3:02:12 PM , Rating: 2
OK you gotta admit that this is pretty cool. They created a massive botnet and kept it alive longer than most internet startups stay in business...and made more money than said startups.

Maybe is time I move to russia start new career, yes?

RE: A fool and his money...
By RivuxGamma on 4/16/2011 12:19:49 PM , Rating: 1
Or certainly by this evening, yes?

We study the problem and we’ve been studying it for damn well near a century, yes, but we get no further with our studies. You’ve got a good power supply here, good loving users. You’ve got not too bad of a cpu. Is it some botnet that crawls inside of you?

Next time..
By mosu on 4/18/2011 2:52:21 AM , Rating: 2
I hope it won't take another 10 years to stop other botnets and especially the people behind the scheme. And what about other countries?

Three cheers for Holland
By Uncle on 4/14/11, Rating: -1
RE: Three cheers for Holland
By cjohnson2136 on 4/15/2011 5:20:44 PM , Rating: 1
If you read the article you would know that Holland had nothing to do with this investigation. No one in Holland did anything to deserve credit. Giving credit to Holland would be like mentioning Thomas Edison in every further invention of light bulbs. The FBI and DOJ just took the idea of reverse engineering the virus. The FBI and DOJ do deserve all the credit for all the work.

I think Patton said it best:
By 91TTZ on 4/14/11, Rating: -1
By mikeyD95125 on 4/14/2011 3:57:34 PM , Rating: 2
Ironically, after 1945 we are Americans and our foreign policy took on very similar characteristics.

RE: I think Patton said it best:
By Lerianis on 4/16/2011 2:01:11 AM , Rating: 1
Patton was an idiot in this case. The fact is that the Russians are driven by the same desires as anyone else. If you cannot understand them, then you are going to have a hellish time understanding yourself.

RE: I think Patton said it best:
By RivuxGamma on 4/16/2011 12:23:20 PM , Rating: 1
It is their kung fu treachery that will be their undoing.
