



Thanks to over a hundred updates, the Coreflood botnet survived and evolved for 10 years. It is estimated to have stolen up to $100M USD.  (Source: V3)

The hackers involved are suspected of being located in Russia. It is very possible that they will get away with their massive loot.  (Source: Richard Kiwi)
A civil complaint has been filed against 13 foreign nationals, but there's no guarantee they won't get away with the loot

It took ten years, but the U.S. has finally taken down [press release and court documents] a notorious botnet built by an ever-evolving piece of malware known as "Coreflood".  The botnet had been active since 2001, slowly building up an arsenal of some 2 million infected computers worldwide, with the help of other malware.  It is responsible for stealing an estimated $100M USD from businesses and individuals worldwide.

A botnet is a group of infected machines under a common controller, which can be coordinated to steal information from the users of those machines.  They can also be directed to distribute malicious files, spam, phishing emails, or other unsavory content.

The creators of Coreflood took special care in honing their attack package.  What began as a simple trojan received over 100 updates, eventually gaining the ability to spread on its own and to steal passwords and credit card information.

The creators of the botnet used it as a vehicle to harvest information pertaining to bank accounts.  Using that information, they initiated thousands of fraudulent banking and wire transactions.  A complaint filed in the U.S. District Court for the District of Connecticut reveals details of some of the losses: a real estate company in Michigan lost $115,771 USD, a South Carolina law firm lost $78,421 USD, and a Tennessee defense contractor lost $241,866 USD.

It is believed that the botnet was run by at least 13 individuals operating out of Russia.  Alan Paller, director of research at the SANS Institute, an anti-cybercrime nonprofit group, told Reuters, "We're pretty sure a Russian crime group was behind it."

The feds' long battle with Coreflood and its operators finally turned when agents seized the command-and-control servers and domain names the botnet relied on.  In the feds' words, "The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes."

The final blow came this month when agents, having completed their reverse engineering of the malware, used a substitute server in place of the seized ones to instruct infected machines that checked in to stop sending stolen data and shut down.  The stop command halts the running Coreflood process; it does not remove the malware from the machine.

The feds' ability to kill Coreflood built on lessons learned in past incidents.  In March, following a civil suit by Microsoft Corp. (MSFT), federal agents raided a hosting service, seizing the servers that controlled the Rustock spam botnet.  Without its backbone, Rustock essentially died, taking approximately half of U.S. spam with it.

According to court documents, the decision to reverse engineer the malware and shut down the infected machines was inspired by a technique used by Dutch police in a separate case.  It was the first time such a technique had been employed in the U.S.
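The takedown mechanics described above (seize the command-and-control domains, point them at a substitute server, answer each bot's check-in with a stop command, and log the infected hosts so they can be notified) can be sketched in code. This is an added example, not the FBI's, ISC's or DailyTech's code: the beacon wire format ("BEACON &lt;bot_id&gt; &lt;build&gt; &lt;hostname&gt;") is invented for the illustration because Coreflood's real protocol is not described on this page, and all IP addresses and host names are constructed from documentation ranges.

```python
"""Substitute C2 ("sinkhole") that answers bot check-ins with a stop command.

The BEACON format below is hypothetical, invented for this example; it is not
Coreflood's protocol. Traffic that does not match it is logged as noise and
never answered, because a seized domain also attracts scanners and researchers.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

STOP_COMMAND = b"STOP\n"  # benign: halt the running bot, send nothing executable


@dataclass
class Victim:
    ip: str
    bot_id: str
    build: int
    hostname: str
    first_seen: datetime
    last_seen: datetime
    checkins: int = 1  # >1 means the bot came back, e.g. after a reboot


@dataclass
class Sinkhole:
    victims: dict = field(default_factory=dict)  # keyed by (src_ip, bot_id)
    noise: list = field(default_factory=list)    # (src_ip, payload prefix)

    @staticmethod
    def parse_beacon(payload: bytes) -> Optional[tuple]:
        """Return (bot_id, build, hostname) for a well-formed beacon, else None."""
        try:
            text = payload.decode("ascii")
        except UnicodeDecodeError:
            return None
        parts = text.strip().split()
        if len(parts) != 4 or parts[0] != "BEACON":
            return None
        bot_id, build, hostname = parts[1:]
        hexdigits = set("0123456789abcdef")
        if len(bot_id) != 16 or not set(bot_id) <= hexdigits:
            return None
        if not build.isdigit():
            return None
        return bot_id, int(build), hostname

    def handle(self, src_ip: str, payload: bytes, now: datetime) -> Optional[bytes]:
        """Record the infected host and return the stop command; None for noise."""
        parsed = self.parse_beacon(payload)
        if parsed is None:
            self.noise.append((src_ip, payload[:64]))
            return None
        bot_id, build, hostname = parsed
        key = (src_ip, bot_id)
        victim = self.victims.get(key)
        if victim is None:
            self.victims[key] = Victim(src_ip, bot_id, build, hostname, now, now)
        else:
            # The stop command only kills the running process; the binary stays
            # on disk and beacons again after a reboot, so repeat check-ins are
            # expected and counted rather than treated as an error.
            victim.last_seen = now
            victim.checkins += 1
            victim.build = max(victim.build, build)
        return STOP_COMMAND

    def notification_report(self) -> list:
        """One row per infected host, sorted by IP, for hand-off to ISPs/CERTs."""
        return sorted(
            (v.ip, v.bot_id, v.checkins, v.first_seen.isoformat(), v.last_seen.isoformat())
            for v in self.victims.values()
        )


def demo() -> Sinkhole:
    """Replay constructed traffic (not real captures) against the sinkhole."""
    sink = Sinkhole()
    t0 = datetime(2011, 4, 13, 9, 0, tzinfo=timezone.utc)
    traffic = [
        ("198.51.100.23", b"BEACON 3f9a0c1d2e4b5a67 1180 RE-OFFICE-07", t0),
        ("203.0.113.9", b"BEACON 00aa11bb22cc33dd 1172 LAW-WS-12", t0.replace(minute=5)),
        ("192.0.2.77", b"GET / HTTP/1.1", t0.replace(minute=6)),            # web scanner
        ("198.51.100.23", b"BEACON 3f9a0c1d2e4b5a67 1180 RE-OFFICE-07", t0.replace(hour=14)),  # back after reboot
        ("203.0.113.9", b"BEACON zzzz 9 x", t0.replace(hour=15)),          # malformed
    ]
    for ip, payload, ts in traffic:
        sink.handle(ip, payload, ts)
    return sink


if __name__ == "__main__":
    for row in demo().notification_report():
        print(row)
```

Two design points carry over from the real operation regardless of protocol: the substitute server only ever emits a stop instruction, never code, and every check-in is logged with its source address, since the list of infected hosts is what lets ISPs and CERTs notify victims once the command-and-control domains have been taken away from the operators.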

Mr. Paller applauds the efforts of the U.S. Department of Justice (DOJ) and U.S. Federal Bureau of Investigation (FBI), stating, "This was big money stolen on a large scale by foreign criminals. The FBI wanted to stop it and they did an incredibly good job at it."

The Connecticut court's civil complaint was filed by the U.S. DOJ against the 13 foreign individuals believed to be running the botnet.  A criminal investigation is ongoing, and charges may follow.

Unfortunately, the cybercriminals who masterminded the scheme appear to be outside U.S. jurisdiction, likely in Russia.  Given the Russian government's questionable resolve on cybersecurity, it's possible that those involved will get away with the loot.






RE: hmm
By KoolAidMan1 on 4/14/2011 9:56:52 PM , Rating: 1
Wealthy people and media businesses own Macs. Loads of cash to be had there. Other places with loads of money on their hands use Linux, things like trading desks, hedge funds, and exchanges.

Either the criminals thought it was easier to break through the Swiss-cheese security of Windows XP run by "the little guy", it being hands down the most insecure modern OS ever, or they loved money but they didn't love it too much.

I reckon it's the former.

It isn't brain surgery why XP has been the #1 target for malware. Being admin/root by default is a security disaster. So glad that Vista and Windows 7 caught up with OSX/Linux and fixed this; now the main vector for malware on Windows is Java/Flash/the-rest-of-Adobe's-crap/any-other-plugin-you-can-think-of.


RE: hmm
By B3an on 4/15/2011 6:09:24 AM , Rating: 1
quote:
now the main vector for malware on Windows is Java/Flash/the-rest-of-Adobe's-crap/any-other-plugin-you-can-think-of.


That's not true. Regardless of what the iSheep/Jobs say, Flash isn't much of a security risk. Although I can certainly understand Jobs being worried about Flash anyway, being as OSX isn't exactly a shining example of a secure OS.

The biggest threat by far to Vista/7 or any OS is the users. At least 98% of malware/viruses must be from people downloading executable files, fake software and all kinds of stuff, ignoring the security messages, and installing it. I used to fix hundreds of machines a year because people do this; half of them often had anti-virus/malware protection software running, but that's obviously completely useless against the user.

Literally 3 hours ago this happened to a friend, again: they just downloaded some random "video acceleration" software that popped up in an advertisement, which installed malware and made every site link they clicked on go to some dodgy site.
I've actually never seen a case where Vista/7 64-bit seem to have been compromised because of a security flaw in the actual OS.


RE: hmm
By KoolAidMan1 on 4/15/2011 2:13:45 PM , Rating: 2
Trojans will always be a security risk, absolutely. There is nothing to stop people from executing software that can harm their computer, but at least it now requires an elevation of user rights and it is a little harder for that to happen.

That said, Java/Flash/Reader are still the easiest vectors for malware outside of a user running malicious software himself. Just last week there were stories (again) of zero-day exploits within Flash. It isn't a matter of fanboyism or whatever, it is a problem that Adobe and Sun are constantly having to address.

Fortunately Microsoft has the vectors for malware plugged up well within their own OS, now the rest lies upon users and the companies that make third party plug-ins.


RE: hmm
By rudy on 4/15/2011 2:55:49 PM , Rating: 2
Of course it is not brain surgery but apparently it is beyond you. This is a simple matter of numbers.

Let me see, build a virus that targets Mac, Linux or both and then see if I can get 2 million infections. Let's say that every person in the US has a computer, 300 million, and let's generously say that 10% of them own a Mac or Linux machine. That is 30 million; now you must infect 6.7% of them to achieve that. As far as I know no virus has ever in the history of computers infected 6.7% of computers. Now take Windows: 270 million users, less than 1% of the population needs to be infected over a 10 year period.

If you are any one with half a brain what customer base are you going after? 90% or the rest?

Don't worry though, now that Macs are on the incline we are already seeing that they are becoming a target.

Let's look at another thing: there is a market where Linux has a huge share, and that is web servers. In web servers, attacks and compromised web servers are commonplace; it has happened to me personally, and it has happened on my servers multiple times since I started running websites, without me personally being infected. Anyone who knows anything about web hosting knows for sure that there is nothing inherently secure about Linux; it is hit by exploits all the time.

And as always with either desktop or server OS the most common cause is the users not the OS, and of course not keeping your programs and scripts up to date.


RE: hmm
By KoolAidMan1 on 4/18/2011 4:01:39 AM , Rating: 1
Wow, I liked the rest of your post, too bad you had to open up with an incredibly shitty opening. Congrats!


RE: hmm
By RedemptionAD on 4/15/2011 11:27:09 PM , Rating: 3
"Windows is like a house in the bad part of town with bars over the windows and Mac is like living in a house in the country without any locks on the doors." ~The bottom of dailytech pages. Put the windows house in the country and it would be impossible to break into. Put the mac house in the windows part of town and a stray cat could break in.



Copyright 2014 DailyTech LLC.