Feds Take Down “Botnet”
by Thomas MacMillan | Apr 14, 2011 3:52 pm
Posted to: Legal Writes
Federal agents working out of their downtown New Haven office have cracked a malicious software ring that has infected over 2 million computers worldwide, using “command and control” servers to create a “Coreflood botnet.”
It was part of a massive fraud ring that stole personal and financial data and bank funds, according to the U.S. Department of Justice.
A Wednesday press release from the Department of Justice and the FBI announced a civil complaint against 13 “John Does” involved in the case, along with the execution of criminal seizure warrants and the issuance of a temporary restraining order. The release called it the “most complete and comprehensive enforcement action ever taken by U.S. authorities to disable an international botnet.”
A botnet is a collection of computers that have been taken over by a hacker and are controlled remotely. In this case, according to the feds, the perpetrators created a botnet of hundreds of thousands of computers infected with software called Coreflood. It’s a program that exploits a weakness in the Microsoft Windows operating system to control computers remotely. The program can log user keystrokes to steal passwords and personal data.
Wednesday’s release “strongly encouraged” people to make sure they are using security software that’s regularly updated, and that they are regularly scanning their computers for viruses. The release listed two websites (here and here) with more information on how to protect your computer.
The Connecticut U.S. Attorney’s office has brought the complaint against the 13 unnamed defendants. They are accused of wire fraud, bank fraud, and illegal interception of electronic communications.
“In addition, search warrants were obtained for computer servers throughout the country, and a seizure warrant was obtained in U.S. District Court for the District of Connecticut for 29 domain names,” the release states. “Finally, the government obtained a temporary restraining order (TRO), authorizing the government to respond to signals sent from infected computers in the United States in order to stop the Coreflood software from running, thereby preventing further harm to hundreds of thousands of unsuspecting users of infected computers in the United States.”
When Coreflood infects computers, it turns them into “bots,” without the user’s knowledge. The computer can then be controlled remotely by a “command and control server.” An infected computer is programmed to request commands from command and control servers, and the Coreflood software can thereby be updated to outpace anti-virus programs.
Coreflood can be used to steal usernames, passwords, and other personal and financial information. The 13 unnamed defendants allegedly used this information to steal funds from bank accounts. “They have stolen money from bank accounts in Michigan, North Carolina, South Carolina, Tennessee, and probably many others,” states a memo of law accompanying the press release.
The group of computers controlled by Coreflood is known as the “Coreflood botnet.” Investigators believe the Coreflood botnet has been operating for almost 10 years and has infected over two million computers worldwide. Feds estimate that the defendants have infected over a million computers in the U.S., including thousands in Connecticut.
On Wednesday federal agents seized five command and control servers that were remotely controlling hundreds of thousands of Coreflood-infected servers. The servers were replaced with government computers that will send commands that will temporarily stop Coreflood from running on infected computers. The press release states that this does not guarantee that Coreflood has been removed from the internet entirely. The best defense against malicious botnets is regularly updated anti-virus software, according to the release.
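The article describes infected machines repeatedly asking command and control servers for instructions; that regular polling is what defenders look for in proxy or DNS logs. The script below is an added example, not part of the article or of the government’s takedown tooling: it runs over a few constructed log lines (the hostnames, addresses and five-minute interval are made up, and nothing here is Coreflood’s real polling schedule) and flags source/destination pairs whose request gaps are nearly constant.

```python
"""Flag beacon-like polling in constructed 'timestamp src dst' proxy log lines."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not from the article): one host talks to a
# made-up domain every ~300 seconds, with ordinary browsing mixed in.
SAMPLE_LOG = """\
2011-04-13T10:00:00 10.0.0.5 updates.example-cdn.test
2011-04-13T10:00:07 10.0.0.5 news.example.test
2011-04-13T10:05:00 10.0.0.5 updates.example-cdn.test
2011-04-13T10:06:41 10.0.0.5 mail.example.test
2011-04-13T10:10:00 10.0.0.5 updates.example-cdn.test
2011-04-13T10:15:01 10.0.0.5 updates.example-cdn.test
2011-04-13T10:19:59 10.0.0.5 updates.example-cdn.test
2011-04-13T10:23:10 10.0.0.5 news.example.test
2011-04-13T10:25:00 10.0.0.5 updates.example-cdn.test
"""


def parse_log(text):
    """Group request timestamps by (src, dst) from 'ts src dst' lines."""
    seen = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        seen[(src, dst)].append(datetime.fromisoformat(ts))
    return seen


def beacon_candidates(text, min_hits=5, max_jitter=0.05):
    """Return (src, dst) pairs whose inter-request gaps are nearly constant.

    jitter = stdev(gaps) / mean(gaps). Human browsing gives high jitter;
    a bot polling its controller on a timer gives jitter close to zero.
    """
    results = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < min_hits:          # too few requests to judge
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else 0.0
        if jitter <= max_jitter:
            results.append({"src": src, "dst": dst, "hits": len(times),
                            "period_s": round(avg), "jitter": round(jitter, 3)})
    return sorted(results, key=lambda r: r["jitter"])


if __name__ == "__main__":
    for hit in beacon_candidates(SAMPLE_LOG):
        print(hit)
```

A real deployment would feed it a day of logs and tune `min_hits` and `max_jitter`; hosts that surface can then be checked against the seized domain names the release mentions.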
Tags: Coreflood, Botnets
Comments
posted by: J Gehrer on April 14, 2011 9:11am
Yet another reason to dump windoze and upgrade to a Mac…
posted by: Edison on April 14, 2011 1:19pm
@J Gehrer At every hacking conference Macs are always the first to get compromised. You Mac users don’t get as much malware simply because you’re such a small user base that it’s not worth the time and expense for malware authors to write malware for your machines. “Security through Obscurity” is the motto of Mac fanboys. It happens to work, at least for now.
I remove malware as part of my job and lately I’ve seen a rootkit named TSS rear its ugly head. It allows a remote user to completely control a computer. After going through the log files, I’ve seen where the bad guys used a machine for a DDoS attack, logged keystrokes and finally securely deleted the user files, then trashed the OS.
posted by: J. Gehrer on April 14, 2011 3:19pm
I understand your point, Edison, but I have never heard of anyone I know getting any malware, viruses, or trojans on their Macs.
I use a router, update my software, am careful what I download, and don’t go to hacker conferences.
Maybe someday Mac users will have to use additional security s/w, but in the meantime, while my PC-using associates waste endless hours trading emails on the latest virus threat and re-installing their operating systems, I’ll continue to get actual work done.
posted by: Edison on April 14, 2011 3:47pm
Hey J Gehrer, Have your PC friends get Kaspersky Internet Security installed on their machines and they should not have any more problems with malware. It is the best and most comprehensive anti-malware suite available.
It’s also available for the Mac platform & you might want to consider getting it, or another anti-malware program as Macs are getting infected. Not as much as PCs but the danger is there and is growing.
A router tip for everyone: make sure access to your router is password protected.
Do not use the default password.
I have seen several instances of routers having the DNS changed so that all traffic passes through a phantom DNS, thus redirecting the user to pages that look just like PayPal, eBay, their bank, etc.
The user logs on to one of these fake sites and their login info ends up being sold to the highest bidder.
Note this happens outside of the computer & there’s no anti-malware software that can protect you.
Also, be sure to encrypt your wireless connection. The routers in the above scenario were hacked by someone who sat in their car and used their laptop to access an unprotected wireless network.
posted by: Elli Davis on April 18, 2011 2:14pm
Very nice haul by the government. 500 gigabytes of stolen data, that’s not something you get back every day.
As Mr. Fried said “We finally saw exactly how effective law enforcement and our judicial system can be when they attack problems using strategic rather than political methods” in other words - YOU DID SOMETHING AT LAST!
David
