US disables 'Coreflood' botnet, seizes servers

April 13, 2011 by Chris Lefkow
The US authorities have disabled a vast network of virus-infected computers used by cyber criminals to steal passwords and financial information, the Justice Department and FBI announced Wednesday.

US authorities on Wednesday announced the disabling of a vast network of virus-infected computers used by cyber criminals to steal millions of dollars.

The "Coreflood" botnet is believed to have operated for nearly a decade and to have infected more than two million computers around the world, the Justice Department and FBI said in a joint statement.

They said charges of wire fraud, bank fraud and illegal interception of electronic communications had been filed against 13 suspects identified in court papers only as John Doe 1, John Doe 2, etc.

The complaint said they were all "foreign nationals" but provided no further information about their identities or nationalities.

Five "command and control" computer servers and 29 Internet domain names were seized as part of the operation, described as the "most complete and comprehensive enforcement action ever taken by US authorities to disable an international botnet."

A botnet is a network of malware-infected computers that can be controlled remotely from other computers.

Coreflood, which exploited a vulnerability in computers running Microsoft's Windows operating systems, was used to steal usernames, passwords and other private personal and financial information, US officials said.

As of February 2010, some 2.33 million computers were part of the Coreflood botnet, including 1.85 million in the United States, according to the complaint filed with the US District Court for the District of Connecticut.

"Infected computers in the Coreflood botnet automatically recorded the keystrokes and Internet communications of unsuspecting users, including online banking credentials and passwords," the complaint said.

"The defendants and their co-conspirators used the stolen data, including online banking credentials and passwords, to direct fraudulent wire transfers from the bank accounts of their victims," it added.

The complaint said the full extent of the financial loss is not known but it provided details on a number of victims.

They included a real estate company in Michigan hit for $115,771 in fraudulent wire transfers, an investment company in North Carolina taken for $151,201 and a defense contractor in Tennessee which lost $241,866.

Dave Marcus, research and communications director at McAfee Labs, said the cyber criminals behind Coreflood were apparently able to "turn the botnet into a money making machine."

"It is hard to estimate the actual loot, but the criminals likely made tens of millions of dollars, based on the estimates in the complaint filed by the Department of Justice," Marcus said. "It is not outside of the realm of possibility that they netted more than $100 million."

US attorney David Fein said the seizure of the Coreflood servers and the Internet domain names "is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes."

"These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure," added Shawn Henry of the FBI's Criminal, Cyber, Response and Services Branch.

In July of last year, US, Spanish and Slovenian law enforcement authorities announced the arrest of the suspected creator of the "Mariposa Botnet," which may have infected as many as eight million to 12 million computers around the world.

Explore further: Cyber mastermind arrested, questioned in Slovenia

Related Stories

Cyber mastermind arrested, questioned in Slovenia

July 28, 2010

(AP) -- A cyber mastermind from Slovenia who is suspected of creating a malicious software code that infected 12 million computers worldwide and orchestrating other huge cyberscams has been arrested and questioned, police ...

Authorities bust 3 in infection of 13M computers

March 2, 2010

(AP) -- Authorities have smashed one of the world's biggest networks of virus-infected computers. It was a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs.

Huge 'botnet' amputated, but criminals reconnect

March 11, 2010

(AP) -- The sudden takedown of an Internet provider thought to be helping spread one of the most promiscuous pieces of malicious software out there appears to have cut off criminals from potentially millions of personal ...

Computer forensics links internet postcards to virus

July 25, 2009

Fake Internet postcards circulating through e-mail inboxes worldwide are carrying links to the virus known as Zeus Bot, said Gary Warner, director of computer forensics at the University of Alabama at Birmingham (UAB). Zeus ...

Slovene police, FBI hail ties in cyber crime probe

July 30, 2010

(AP) -- An FBI official said Friday a two-year-long multinational investigation led them to nab a 23-year-old Slovenian, who allegedly created a malicious software code that infected 12 million computers worldwide.

Botnet Hijacking Steals 70GB of Data

May 5, 2009

( -- Security researchers have uncovered one of the most notorious zombie networks, the Torpig botnet, by collecting 70GB of data that was stolen in just 10 days.

Recommended for you

Click beetles inspire design of self-righting robots

September 25, 2017

Robots perform many tasks that humans can't or don't want to perform, getting around on intricately designed wheels and limbs. If they tip over, however, they are rendered almost useless. A team of University of Illinois ...

New technique spots warning signs of extreme events

September 22, 2017

Many extreme events—from a rogue wave that rises up from calm waters, to an instability inside a gas turbine, to the sudden extinction of a previously hardy wildlife species—seem to occur without warning. It's often impossible ...


Adjust slider to filter visible comments by rank

Display comments: newest first

2.4 / 5 (5) Apr 13, 2011
Find them and kill them. Unless they are the genius children computer savants that TV images.
4.3 / 5 (6) Apr 13, 2011
Agreed. Furthermore the penalty for many more things should also be death. For example, slow drivers should get a ticket just like speeding drivers to, but instead of a fine the penalty should be death.

There should be one way for anyone to challenge this conviction though, namely with a 'duel'. This 'duel' should take place in the town square or a country estate and the uniform must consist of beige pants and a tweed jacket.
3.8 / 5 (5) Apr 13, 2011
you will however not be allowed to wear a steel plate under your tweed jacket like clint eastwood
1 / 5 (1) Apr 13, 2011
The dutch police has taken a few botnets down to not to long ago.
4 / 5 (4) Apr 13, 2011
I think the death penalty should also be applied to people who make outrageous statements in the comments section of any web page, unless of course it could be proven that they were not of sound mind when they made them ;-)
1 / 5 (2) Apr 13, 2011
Or better yet, give each and every citizen right to bear arms so they can then decide who deserves to die on the spot... oh, wait...
not rated yet Apr 13, 2011
i thought this was an article about to remove and catch botflies. boy was i dissappointed
3 / 5 (2) Apr 14, 2011
I'm waiting for our Free Market and Property prophets to explain that governments should never interfere with the acts of companies as only the customers have the right to decide which products they are using.
3 / 5 (2) Apr 14, 2011
Agreed. Furthermore the penalty for many more things should also be death. For example, slow drivers should get a ticket ...instead of a fine the penalty should be death... namely with a 'duel'...and the uniform must consist of beige pants and a tweed jacket.

Except for the satorial requirement, I agree with the dueling concept. People, especially nameless people, would be much more polite.
For those who go all 'weepy' on my feelings about cyber-pirates. There is NO difference between criminals who, for a profit, steal or destroy your digital property and the sub-humans called 'pirates' who steal your oil tankers and murder innocent people.
If you believe years of work being stolen/destroyed is OK because it is digital, then you have never actually created anything.
Granted there are vandal kids who destroy digital work/systems because it is 'fun', 'fun' like throwing rotten eggs into a open car window. Vandalous kids should be punished. Pirates should be executed.
5 / 5 (1) Apr 14, 2011
Most average folks who pirate works for their own private use do so not because they want to steal, but because the distribution model does not allow them the ability to do as they wish with the items in question.

Were the Television broadcasters (oth and cable) to offer all of their shows for download, so i could view them when and where i want. With Commercials or Not, I would gladly pay a nominal fee for the service. Heck Over the Air broadcasters make their money off of commercials, were they to offer the shows for quick download, with the commercials, AND charged an additional fee they would make out like bandits.

Unfortunately Media companies not only have not moved with the times, but have done what they can to make sure that the television broadcast market not change with the advent of new technology.
5 / 5 (1) Apr 14, 2011
"Except for the satorial requirement..."
Sorry, typo, should 'sartorial'
5 / 5 (2) Apr 14, 2011
To J-n; and others, like whatever demon a 'Nodrog' is
To make myself clear(er). I have no problem with individuals downloading stuff, paid or not; I am not remotely concerned with the functionally insane broadcast system losing money...I could give a flat f*&k about a giggling youth with a delusional myopia stealing 'reality TV', degrading the streams and dumping it on youtube. I promoted Rock Concerts and facilitated national, hallucinogenic enlightenment for 10 years of college and law school, until a miscalculation concerning personnel enabled the Feds to relocate my address from '78 to '81.
Before my heart surgeries and resulting disability, I provided Mac based digital media: Electric Image, Photoshop, AfterEffects, Media 100, Final Cut etc to Procter and Gamble, Apple & others for nearly 20 years.
Stealing and/or destroying hard work for profit or terror is piracy. Grabbing entertainment for yourself is something that will be dealt with easily. There's lots of time...
not rated yet Apr 14, 2011
That definitely clears up your position on this. Thanks!
2.3 / 5 (3) Apr 14, 2011
Copying is not stealing. Whoever calls digital piracy "stealing" is a liar.
not rated yet Apr 14, 2011
OFF TO THE CAMPS!!!!!!!!!!!!
5 / 5 (1) Apr 14, 2011
Anyone who thinks he's a cigarette butt has a variety of problems.
not rated yet Apr 15, 2011
John Doe 1, John Doe 2, Would that be like John Doestein 1 and John Doeburg 2? LOL
not rated yet Apr 16, 2011
Copying is not stealing. Whoever calls digital piracy "stealing" is a liar.

Now that disgusting East Europeans and chinese pirate scum have targeted this site with a botnet spamming junk goods, I have to wonder if the proponent on this site of the 'worth' of 'hacking' is not in some way responsible for this stupidity
not rated yet Apr 16, 2011
I would go one step further in this. If there is a command that would purge the "bots" from infected computers, IMHO, the authorities should use it. Otherwise, this is now a zombie network just waiting for someone to sew on another head.

@rgwalther, I agree with you about piracy vs personal use. There have been studies done that the availability of material on the net promotes sales. Personally, I like to be able to preview entire songs before I buy. I don't like being stuck with things I do not like. In the case of music, there is no choice but to keep all recorded material you bought even if you decide it is disagreeable. Perhaps there are a few other industries where this is common practice, but in many industries there is a return period such that if you decide you are not satisfied with your purchase, you can get at least a partial refund.

I'll count music as part of the software industry in saying that when you buy, you are stuck with it once it is opened even if it is junk.
5 / 5 (1) Apr 16, 2011
Continued from my last post, what other industry can engage in legally selling junk with no consumer recourse? If you buy an automobile that is junk, there is the lemon law, and in many industries, selling junk you would be easily driven out of business.

It must be nice to be in an industry where you can legally sell junk and your consumers have no choice but to accept it.
5 / 5 (1) Apr 17, 2011
Find them and kill them. Unless they are the genius children computer savants that TV images.

Wouldn't all this be unnecessary if people just stopped using winderz ? Thier botnet would be quite ineffective then.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.