http://www.fbi.gov/news/stories/2011/april/botnet_041411/botnet_041411
Botnet Operation Disabled
FBI Seizes Servers to Stop Cyber Fraud
04/14/11
In an unprecedented move in the fight against cyber crime, the FBI has
disrupted an international cyber fraud operation by seizing the servers that
had infected as many as two million computers with malicious software.
Botnets are networks of virus-infected computers controlled remotely by an
attacker. They can be used to steal funds, hijack identities, and commit
other crimes. The botnet in this case involves the potent Coreflood virus, a
key-logging program that allows cyber thieves to steal personal and
financial information by recording unsuspecting users' every keystroke.
The Coreflood Virus
The Coreflood virus infects only Microsoft Windows-based computers.
Generally, most users will not be able to tell if their computers are
infected. It is therefore important to take the following steps:
- Make sure your Microsoft Windows Automatic Updates are turned on;
- Run anti-virus programs and ensure that they are up to date;
- Run a security firewall on your computer; and
- Check your online banking and credit history to make sure you have not
been compromised. If you have been compromised, contact your financial
institution.
To learn more about what you can do to protect your computer, including how
to download and receive updates on security vulnerabilities, go to the
following sites operated by U.S. Computer Emergency Readiness Team (CERT)
and the Federal Trade Commission, respectively: us-cert.gov/nav/nt01 and
onguardonline.gov/topics/malware.aspx.
Once a computer or network of computers is infected by Coreflood (infection
may occur when users open a malicious e-mail attachment), thieves control the
malware through remote servers. The Department of Justice yesterday received
search warrants to effectively disable the Coreflood botnet by seizing the
five U.S. servers used by the hackers.
"Botnets and the cyber criminals who deploy them jeopardize the economic
security of the United States and the dependability of the nation's
information infrastructure," said Shawn Henry, executive assistant director
of the FBI's Criminal, Cyber, Response, and Services Branch. "These actions
to mitigate the threat posed by the Coreflood botnet are the first of their
kind in the United States," Henry noted, "and reflect our commitment to
being creative and proactive in making the Internet more secure."
Now that we have interrupted the operation of the botnet servers, our cyber
specialists can prevent Coreflood from sending stolen financial information
to the cyber thieves. But victims' computers still remain infected. That's
why we have been working closely with our private-sector partners.
Anti-virus companies are developing updated signatures to detect and remove
Coreflood. To disinfect Microsoft Windows-based systems, and to keep them
virus free, users are encouraged to run anti-virus software and to keep their
Microsoft Windows Updates current (see sidebar).
Victimized computers that have not been disinfected using anti-virus
software updates will continue to attempt to contact the Coreflood botnet
servers. When this happens, we will respond by issuing a temporary stop
command to the virus and then alert that user's Internet service provider
(ISP), who will inform the customer that their computer is still infected.
At no time will we be collecting any personal data from victim computers.
"For most infected users who are conscientious about keeping their
anti-virus programs up to date, the process of disinfection will be as
invisible as the Coreflood infection was itself," said one of our cyber
agents. Still, there is a process in place with ISPs to make sure
notification occurs if necessary.
We began our Coreflood investigation in April 2009 when a Connecticut-based
company realized that hundreds of computers on its networks had been
infected. Before we shut down the Coreflood operation, cyber thieves made
numerous fraudulent wire transfers, costing companies hundreds of thousands
of dollars.
Yesterday, a civil complaint was filed in Connecticut against 13 "John Doe"
defendants, alleging that they engaged in wire fraud, bank fraud, and
illegal interception of electronic communications. Search warrants were
obtained for the command and control servers in Arizona, Georgia, Texas,
Ohio, and California. And a seizure warrant was issued in Connecticut for 29
Internet domain names used by the thieves.
Brooks Isoldi, editor
[email protected]
http://www.intellnet.org