
Thanks to over a hundred updates, the Coreflood botnet survived and evolved for 10 years. It is estimated to have stolen up to $100M USD.  (Source: V3)

The hackers involved are suspected of being located in Russia. It is very possible that they will get away with their massive loot.  (Source: Richard Kiwi)
A complaint has been filed against 13 foreign nationals, but there is no guarantee they won't get away with the loot

It took ten years, but the U.S. finally has killed [press release and court documents] a notorious botnet built by an ever-evolving piece of malware known as "Coreflood".  The botnet had been active since 2001, infecting an estimated 2 million computers worldwide with the help of other malware that dropped it onto victims' machines.  It is responsible for stealing an estimated $100M USD worldwide from businesses and individuals.

A botnet is a network of compromised machines that all answer to the same command-and-control infrastructure.  The operators can use it to harvest data from the infected users, or to push out further malware, spam, phishing e-mail, or other unsavory content.

The creators of Coreflood took special care in honing their attack package.  What began as a trojan received over 100 updates, eventually gaining viral characteristics and the ability to steal passwords and credit card information.

The creators of the botnet used it as a vehicle to harvest online banking credentials.  Using that information, they initiated thousands of fraudulent banking and wire transactions.  A complaint filed in the U.S. District Court for the District of Connecticut reveals details of some of the losses -- a real estate company in Michigan lost $115,771 USD, a South Carolina law firm lost $78,421 USD, and a Tennessee defense contractor lost $241,866 USD.

It is believed that the botnet was run by at least 13 individuals operating out of Russia.  Alan Paller, director of research at the SANS Institute, a computer-security training and research organization, told Reuters in an interview, "We're pretty sure a Russian crime group was behind it."

The feds' long battle with Coreflood and the cybercriminals behind it finally turned when agents seized the command-and-control servers and domain names the bots reported to.  The feds describe the effect: "The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes."

The decisive step came this month: having finished reverse engineering the malware and its command protocol, agents used the seized infrastructure to instruct the infected machines to stop sending stolen data and to halt the malware.
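The mechanism behind that step, written up here as an added illustration rather than anything from the court filings: a bot resolves a hard-coded C2 domain and obeys whatever answers there, so once the domain is seized and pointed at a law-enforcement sinkhole, every check-in can be logged for victim notification and answered with a stop command. The domain name, bot IDs, addresses and the HTTP-style check-in format below are all constructed for the simulation; this is not Coreflood's real protocol.

```python
"""Simulated C2 seizure and sinkhole: the bot keeps its hard-coded domain,
but after seizure that domain resolves to a server that records the victim
and replies STOP instead of collecting the stolen data.  All names, IDs and
the check-in format are constructed for illustration (not Coreflood's)."""
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse

STOP, CONTINUE = "STOP", "CONTINUE"


class CriminalC2:
    """The operators' server: stores whatever the bots upload, says carry on."""
    def __init__(self):
        self.loot = []

    def handle(self, src_ip, request_line, body):
        self.loot.append((src_ip, body))
        return CONTINUE


@dataclass
class Sinkhole:
    """Law-enforcement replacement: records who checked in (for ISP/owner
    notification), deliberately discards the stolen payload, issues STOP."""
    victims: dict = field(default_factory=dict)

    def handle(self, src_ip, request_line, body):
        path = request_line.split(" ")[1]
        params = parse_qs(urlparse(path).query)
        bot_id = params.get("id", ["?"])[0]
        version = params.get("v", ["?"])[0]
        self.victims[src_ip] = (bot_id, version)
        return STOP


@dataclass
class Bot:
    c2_domain: str
    bot_id: str
    src_ip: str
    version: str = "1.0"
    queue: list = field(default_factory=list)   # harvested data awaiting upload
    running: bool = True
    uploads: int = 0

    def steal(self, record):
        if self.running:
            self.queue.append(record)

    def beacon(self, resolver):
        """One check-in: resolve the C2 domain, upload the queue, obey the reply."""
        if not self.running:
            return None
        server = resolver.get(self.c2_domain)
        if server is None:
            return None                       # NXDOMAIN: keep data queued, retry later
        request_line = f"GET /gate?id={self.bot_id}&v={self.version} HTTP/1.1"
        reply = server.handle(self.src_ip, request_line, "\n".join(self.queue))
        if reply == CONTINUE:
            self.uploads += 1
            self.queue.clear()
        elif reply == STOP:
            self.queue.clear()                # stop exfiltrating, drop pending data
            self.running = False
        return reply


def run_takedown():
    """Before seizure the criminal C2 receives uploads; after the domain is
    repointed, every bot is identified by the sinkhole and stops for good."""
    resolver = {"c2.invalid": CriminalC2()}   # constructed domain
    bots = [Bot("c2.invalid", f"bot{i}", f"10.0.0.{i}") for i in range(1, 4)]
    for b in bots:
        b.steal("bank-login:user:pass")
        b.beacon(resolver)                    # data reaches the operators
    loot_before = len(resolver["c2.invalid"].loot)

    sinkhole = Sinkhole()
    resolver["c2.invalid"] = sinkhole         # the seizure: same name, new server
    replies = []
    for cycle in range(2):                    # second cycle: bots stay stopped
        for b in bots:
            b.steal("cc:4111-xxxx")
            replies.append(b.beacon(resolver))
    return {
        "loot_before_seizure": loot_before,
        "replies_after_seizure": replies,
        "victims_identified": sorted(sinkhole.victims),
        "bots_still_running": sum(b.running for b in bots),
        "pending_after_stop": sum(len(b.queue) for b in bots),
    }


if __name__ == "__main__":
    print(run_takedown())
```

Two caveats a practitioner would raise. First, this only works because the bot trusts whatever answers at the domain; a bot that checked a signature on commands with a key the operators kept would ignore the sinkhole's STOP, and the takedown would need the signing key as well as the domains. Second, the sinkhole answers with a command and records only the victim's address and bot identifier, never the uploaded data; sending commands to machines you do not own is exactly the step that needed the court's authorization.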

The feds' ability to kill Coreflood was the result of lessons learned in past incidents.  In March, following a suit by Microsoft Corp. (MSFT), federal agents raided a hosting service, seizing servers that were spreading the Rustock spammer botnet.  Without its backbone, Rustock essentially died, taking approximately half of U.S. spam with it.

According to court documents, the decision to reverse engineer the malware and shut it down on the infected machines was inspired by a technique used by Dutch police in a separate case.  It was the first time such a technique had been employed in the U.S.

Mr. Paller applauds the efforts of the U.S. Department of Justice (DOJ) and the U.S. Federal Bureau of Investigation (FBI), stating, "This was big money stolen on a large scale by foreign criminals. The FBI wanted to stop it and they did an incredibly good job at it."

The Connecticut court's civil complaint was filed by the U.S. DOJ against the 13 foreign individuals believed to be running the botnet.  A criminal investigation is ongoing, and charges may follow.

Unfortunately, the cybercriminals who masterminded the scheme appear to be outside U.S. jurisdiction -- likely in Russia.  Given the Russian government's questionable resolve on cybersecurity, it's possible that those involved will get away with the loot.


RE: hmm
By headbox on 4/14/2011 1:55:07 PM , Rating: -1
When you're rewriting someone else's press release and calling it "news", you don't have time for proofreading. Lack of an editor (or MS Word error correction) is a DT trademark.

btw- why didn't he mention none of the infected computers were Macs?

RE: hmm
By morphologia on 4/14/2011 3:06:02 PM , Rating: 5
It must really take a faithful devotion to absolutely useless commentary to think that your opinion of how DT does things matters at all.

Criticizing a newsblog for repeating news from around the world - which about 90% of news sites do - and calling it a failing on their part, are you really that dense? There's a very small portion of original news sources that are quoted, cited and referred to by EVERYONE ELSE IN THE WORLD.

Do you really think that every news outlet should only publish their own exclusive stories? There's not enough news in the world for that, and no one cares about anything but the major stories anyway.

As for your Mac crack, the answer is because (a) you can't know that for sure, since there's enough emulation, cross-compatibility and sheer ignorance among Mac users and software that Macs could have been involved, and (b) because it's not important, except to howling fanbois (on both sides of the debate).

Now that I have provided you with much-needed education, perhaps you can contribute something besides inane pseudo-journalistic criticism to this discussion.

RE: hmm
By nstott on 4/14/2011 3:22:06 PM , Rating: 3
and calling it a failing on their part, are you really that dense?

Yes. He/She/It is.

RE: hmm
By YashBudini on 4/15/11, Rating: -1
RE: hmm
By nstott on 4/14/2011 3:18:11 PM , Rating: 4
When you're rewriting someone else's press release and calling it "news", you don't have time for proofreading. Lack of an editor (or MS Word error correction) is a DT trademark.

And yet you still come back for more...

btw- why didn't he mention none of the infected computers were Macs?

There are so many ways to answer this (other DT people, please feel free to add more):

A. Because he was afraid that mactards like you would spaz out and hurt yourselves.

B. Because Macs are for people who don't know how to use computers, and the cyber criminals know that all of the money is more likely to be in mommy and daddy's bank accounts. Wanna lollipop?

C. For the same reason he didn't mention that you have gonorrhea: It's irrelevant.

RE: hmm
By KoolAidMan1 on 4/14/2011 9:56:52 PM , Rating: 1
Wealthy people and media businesses own Macs. Loads of cash to be had there. Other places with loads of money on their hands use Linux, things like trading desks, hedge funds, and exchanges.

Either the criminals thought it was easier to break through the swiss cheese security of Windows XP run by "the little guy", it being hands down the most insecure modern OS ever, or they loved money but they didn't love it too much.

I reckon its the former.

It isn't brain surgery why XP has been the #1 target for malware. Being admin/root by default is a security disaster. So glad that Vista and Windows 7 caught up with OSX/Linux and fixed this, now the main vector for malware on Windows is Java/Flash/the-rest-of-Adobe's-crap/any-other-plugin-you-can-think-of.

RE: hmm
By B3an on 4/15/2011 6:09:24 AM , Rating: 1
now the main vector for malware on Windows is Java/Flash/the-rest-of-Adobe's-crap/any-other-plugin-you-can-think-of.

That's not true. Regardless of what the iSheep/Jobs say, Flash isn't much of a security risk. Although I can certainly understand Jobs being worried about Flash anyway, being as OSX isn't exactly a shining example of a secure OS.

The biggest threat by far to Vista/7 or any OS are the users. At least 98% of malware/viruses must be from people downloading executable files, fake software and all kinds of stuff, ignoring the security messages, and installing it. I used to fix hundreds of machines a year because people do this; half of them often had anti-virus/malware protection software running, but that's obviously completely useless against the user.

Literally 3 hours ago this happened to a friend, again. They just downloaded some random "video acceleration" software that popped up in an advertisement, which installed malware and made every site link they clicked on go to some dodgy site.
I've actually never seen a case where Vista/7 64-bit seem to have been compromised because of a security flaw in the actual OS.

RE: hmm
By KoolAidMan1 on 4/15/2011 2:13:45 PM , Rating: 2
Trojans will always be a security risk, absolutely. There is nothing to stop people from executing software that can harm their computer, but at least it now requires an elevation of user rights and it is a little harder for that to happen.

That said, Java/Flash/Reader are still the easiest vectors for malware outside of a user running malicious software himself. Just last week there were stories (again) of zero-day exploits within Flash. It isn't a matter of fanboyism or whatever, it is a problem that Adobe and Sun are constantly having to address.

Fortunately Microsoft has the vectors for malware plugged up well within their own OS, now the rest lies upon users and the companies that make third party plug-ins.

RE: hmm
By rudy on 4/15/2011 2:55:49 PM , Rating: 2
Of course it is not brain surgery but apparently it is beyond you. This is a simple matter of numbers.

Let me see: build a virus that targets Mac, Linux or both and then see if I can get 2 million infections. Let's say that every person in the US has a computer, 300 million, and let's generously say that 10% of them own a Mac or Linux machine. That is 30 million; now you must infect 6.7% of them to achieve that. As far as I know no virus has ever in the history of computers infected 6.7% of computers. Now take Windows: 270 million users, less than 1% of the population needs to be infected over a 10 year period.

If you are any one with half a brain what customer base are you going after? 90% or the rest?

Don't worry though now that macs are on the incline we are already seeing that they are becoming a target.

Let's look at another thing: there is a market where Linux has a huge share, that is in web servers. In web servers, attacks and compromised web servers are commonplace. It has happened to me personally and has happened on my servers without me personally being infected, multiple times since I started running websites. Anyone who knows anything about web hosting knows for sure that there is nothing inherently secure about Linux; it is hit by exploits all the time.

And as always with either desktop or server OS the most common cause is the users not the OS, and of course not keeping your programs and scripts up to date.

RE: hmm
By KoolAidMan1 on 4/18/2011 4:01:39 AM , Rating: 1
Wow, I liked the rest of your post, too bad you had to open up with an incredibly shitty opening. Congrats!

RE: hmm
By RedemptionAD on 4/15/2011 11:27:09 PM , Rating: 3
"Windows is like a house in the bad part of town with bars over the windows and Mac is like living in a house in the country without any locks on the doors." ~The bottom of dailytech pages. Put the windows house in the country and it would be impossible to break into. Put the mac house in the windows part of town and a stray cat could break in.

RE: hmm
By drycrust3 on 4/14/2011 4:01:17 PM , Rating: 2
why didn't he mention none of the infected computers were Macs

Yes, I noticed there was no mention of Microsoft, Windows, or IE as well. Each of those firms that lost money could have downloaded a free Linux distribution like Ubuntu and used that for most of their business, and not only been totally ignorant of the botnet, but been unaffected by it as well.
The sad part is that while the management at those firms probably didn't know about Linux, their IT people would have, and should have got them using it for most or all of their day to day business.
Probably the reason no mention was made that users of free Linux distributions or Mac weren't affected is because lots of people like to perpetuate the myth that Windows (any version) is essential in the modern office environment, although my observation is that it isn't.

RE: hmm
By Reclaimer77 on 4/14/2011 4:09:16 PM , Rating: 4
btw- why didn't he mention none of the infected computers were Macs?

Because Macs aren't good at making money, even if it's stealing it. Which explains why Windows has a 99% market share in businesses.

RE: hmm
By ipay on 4/19/2011 12:13:27 PM , Rating: 1
Same reason he didn't mention none of the infected computers were Amigas?
