 Thanks to over a hundred updates, the Coreflood botnet survived and evolved for 10 years. It is estimated to have stolen up to $100M USD. (Source: V3)
 The hackers involved are suspected of being located in Russia. It is very possible that they will get away with their massive loot. (Source: Richard Kiwi)
A complaint has been issued against 13 foreign nationals, but there are no promises they won't get away with the loot.
It took ten years, but the U.S. has finally killed [press release and court
documents] a notorious botnet spread by an ever-evolving virus known as
"Coreflood". The botnet had been active since 2001, slowly building up an
arsenal of 2 million computers worldwide with the aid of helper malware. It is
responsible for stealing an estimated $100M USD worldwide from businesses and
individuals.
A botnet is a group of infected machines that can be coordinated to steal
information from the users of those machines. The machines can also be
directed to send malicious files, spam, phishing emails, or other unsavory
content.
The creators of Coreflood took special care in honing their attack package.
What began as a trojan received over 100 updates, eventually gaining
viral characteristics and the ability to steal passwords and credit card
information.
The creators of the botnet used it as a vehicle to harvest information
pertaining to bank accounts. Using that information they initiated
thousands of fraudulent banking and wire transactions.
A complaint filed in the U.S. District Court for the District of
Connecticut reveals details of some of the losses -- a real estate company
in Michigan lost $115,771 USD, a South Carolina law firm lost $78,421 USD, and
a Tennessee defense contractor lost $241,866 USD.
It is believed that the botnet was run by at least 13 individuals operating out
of Russia. States Alan Paller, director of research at the SANS
Institute, an anti-cybercrime nonprofit group, in an interview with Reuters, "We're
pretty sure a Russian crime group was behind it."
The feds' long battle with Coreflood and the cybercriminals finally turned when
agents seized servers that were spreading the botnet. Describes the feds,
"The seizure of the Coreflood servers and Internet domain names is
expected to prevent criminals from using Coreflood or computers infected by
Coreflood for their nefarious purposes."
The final straw against Coreflood occurred this month when agents completed the
reverse engineering of the virus and instructed the infected machines to stop
sending stolen data and shut down.
The feds' ability to kill Coreflood was the result of lessons learned in past
incidents. In March, following a suit by Microsoft Corp. (MSFT), federal agents raided a
hosting service, seizing servers that were spreading the Rustock spammer
botnet. Without its backbone, Rustock essentially died, taking
approximately half of U.S. spam with it.
According to court documents, the decision to reverse engineer the virus and
shut down the infected machines was inspired by a technique used by Dutch police
in a separate case. It was the first time such a technique had been
employed in the U.S.
Mr. Paller applauds the efforts of the U.S. Department of Justice (DOJ) and
U.S. Federal Bureau of Investigation (FBI), stating, "This was big money stolen
on a large scale by foreign criminals. The FBI wanted to stop it and they did
an incredibly good job at it."
The Connecticut court's civil complaint was filed by the U.S. DOJ against the
13 foreign individuals believed to be running the botnet. A criminal
investigation is ongoing, and charges may follow.
Unfortunately the cybercriminals who masterminded the scheme appear to be
outside U.S. jurisdiction -- likely in Russia. Given the Russian government's
questionable resolve on cybersecurity, it's possible that those
involved will get away with the lot.