Internet Systems Consortium
FBI Hijacks, Remotely Disables “Coreflood” Botnet
In an unprecedented move, the FBI has seized control of a malicious botnet and remotely disabled the malware on infected computers. The botnet in question, called "Coreflood", allowed its operators to harvest financial information from over 2 million infected machines for nearly a decade. The FBI's takedown of the Coreflood botnet began Tuesday, after receiving permission from the Department of Justice. In its request to the DOJ, the FBI sought authorization for the Internet Systems Consortium (ISC) to assist in beheading and hijacking the Coreflood botnet. Wired reports:
According to the filing, ISC, under law enforcement supervision, planned to replace the servers with servers that it controlled, then collect the IP addresses of all infected machines communicating with the criminal servers, and send a remote "stop" command to infected machines to disable the Coreflood malware operating on them.

Interestingly, Coreflood reactivates each time an infected computer reboots, meaning that the FBI must keep sending its stop command to machines that check in again. As part of a longer-term solution, the FBI is using the collected IP addresses to notify the owners of infected machines, and Microsoft has added Coreflood detection and removal to its Malicious Software Removal Tool. This is the first time that United States law enforcement has not only disabled a botnet, but sent commands directly to privately owned computers.