Search
Forum Home | Login
ShadowWar
ShadowWar
Join Date 06/2004
0

Feds take ‘Coreflood Botnet’: ‘Zombie’ army may have infected 2 Million computers, stolen hundreds of millions of dollars.

External Link
April 15, 2011 9:26:00 AM from JoeUser ForumsJoeUser Forums

The FBI and the U.S. Justice Department (DOJ) said April 13 they have disabled a "botnet" of more than 2 million computers infected with malicious code that Eastern European cyber criminals may have used to drain millions of dollars from bank accounts around the world. U.S. authorities continue to combat the network of remotely controlled computers called the "Coreflood" botnet, which has secretly recorded computer users’ keystrokes to compromise vast amounts of banking and financial data. Coreflood is believed to have been operating since 2002 and has resulted in an unknown number of U.S. bank accounts being broken into with losses that could be in the hundreds of millions of dollars, according to FBI officials. DOJ and the FBI filed a civil complaint against 13 "John Doe" defendants, charging them with wire fraud, bank fraud, and illegal interception of electronic communications. The FBI and DOJ also have executed search warrants to seize Internet domain names believed tied to the control servers for the Coreflood program. Investigators received a temporary restraining order allowing them to seize control of the infected servers to try to further dismantle and disable the botnet.

internet
Locked Post
Search this post
Advanced Search
Subscription Options
Reason for Karma (Optional)
Successfully updated karma reason!
ShadowWar
DrJBHL
Join Date 04/2002
+4133
Reply #1 April 15, 2011 9:37:48 AM
from WinCustomize ForumsWinCustomize Forums

This time they're doing it the right way:

The Federal Judge allowed them to supplant the Command and Control servers with their own, so when the nasty "dial home" software does, the FBI servers shut the malware down and notify the relevant ISP which sends an email of how to clean out the malware.

This is important because Coreflood distributed financial id stealing software.

If you get an email from your ISP concerning this, do as it describes, and also get in touch with some folks to help repair the damage done to your identity. 

The prior Rustock, etc. was incomplete as the software was left on the home pc's and ISP's weren't notified to follow up with their clients. 

Reason for Karma (Optional)
Successfully updated karma reason!
ShadowWar
Dr Guy
Join Date 09/2004
+129
Reply #2 April 15, 2011 10:07:54 AM
from JoeUser ForumsJoeUser Forums

Quoting DrJBHL,
reply 1
The Federal Judge allowed them to supplant the Command and Control servers with their own, so when the nasty "dial home" software does, the FBI servers shut the malware down and notify the relevant ISP which sends an email of how to clean out the malware.

Government is slow to learn but it is heartening to see they can learn.

Reason for Karma (Optional)
Successfully updated karma reason!
ShadowWar
DaveRI
Join Date 09/2003
+470
Reply #3 April 15, 2011 12:00:13 PM
from WinCustomize ForumsWinCustomize Forums

Quoting DrJBHL,
reply 1
If you get an email from your ISP concerning this, do as it describes,

Problem is that I'd figure it was a fake and delete it without reading it.

Reason for Karma (Optional)
Successfully updated karma reason!
ShadowWar
ShadowWar
Join Date 06/2004
0
Reply #4 April 19, 2011 7:46:18 AM
from JoeUser ForumsJoeUser Forums

Quoting DaveRI,
comment 3
DrJBHLreply 1If you get an email from your ISP concerning this, do as it describes,Problem is that I'd figure it was a fake and delete it without reading it.

Thats exactly what I was thinking also! One will have to know about this exploit to know to maybe expect an e-mail. It will be hard to convince those that are security minded to even read the e-mail. But since most people are not that careful, it will probably work for the majority.

Reason for Karma (Optional)
Successfully updated karma reason!
ShadowWar
Dr Guy
Join Date 09/2004
+129
Reply #5 April 19, 2011 1:51:27 PM
from JoeUser ForumsJoeUser Forums

Quoting ShadowWar,
reply 4
But since most people are not that careful, it will probably work for the majority.

yea, I still hear about people who "send money'. In fact, I just got a new letter from someone saying they had sent money, been screwed and got help from some flunky in Nigeria!  I wonder if anyone is going to fall for the latest ploy?

Reason for Karma (Optional)
Successfully updated karma reason!
ShadowWar
Uvah
Join Date 05/2006
+874
Reply #6 April 19, 2011 8:51:07 PM
from WinCustomize ForumsWinCustomize Forums

Quoting Dr Guy,
reply 5
I wonder if anyone is going to fall for the latest ploy?

I wonder how may are going to fall for the latest ploy.

Reason for Karma (Optional)
Successfully updated karma reason!
ShadowWar
WebGizmos
Join Date 09/2003
+735
Reply #7 April 20, 2011 4:04:31 AM
from WinCustomize ForumsWinCustomize Forums

Didn't really correcting...but if your going to do it...

Quoting Uvah,
reply 6
I wonder how may are going to fall for the latest ploy.

I wonder how many are going to fall for the latest ploy?

Reason for Karma (Optional)
Successfully updated karma reason!
ShadowWar
Uvah
Join Date 05/2006
+874
Reply #8 April 20, 2011 4:31:28 AM
from WinCustomize ForumsWinCustomize Forums

DOH!

Reason for Karma (Optional)
Successfully updated karma reason!
ShadowWar
DrJBHL
Join Date 04/2002
+4133
Reply #9 April 20, 2011 5:56:35 AM
from WinCustomize ForumsWinCustomize Forums

I remember that in the thread about taking down the internet, people pooh-poohed the idea of 250,000 computers needing to be infected in order to do that.

What do you think now? 

Reason for Karma (Optional)
Successfully updated karma reason!
ShadowWar
Uvah
Join Date 05/2006
+874
Reply #10 April 20, 2011 6:35:55 AM
from WinCustomize ForumsWinCustomize Forums

I think that if the Fed doesn't get a handle on this sort of thing real soon we all had better learn how to speak Chinese or Arabic or whichever one comes first. Probably Brooklynese. Those guy over there are nuts.

Reason for Karma (Optional)
Successfully updated karma reason!
ShadowWar
Dr Guy
Join Date 09/2004
+129
Reply #11 April 20, 2011 11:26:32 AM
from JoeUser ForumsJoeUser Forums

Quoting Uvah,
reply 6

Quoting Dr Guy, reply 5 I wonder if anyone is going to fall for the latest ploy?

I wonder how may are going to fall for the latest ploy.

Quoting WebGizmos,
reply 7
Didn't really correcting...but if your going to do it...


Quoting Uvah, reply 6I wonder how may are going to fall for the latest ploy.

I wonder how many are going to fall for the latest ploy?

Quoting Uvah,
reply 8
DOH!

Well I was going to give Uvah a kudos for correcting me, but do they go to WebGizmos now?

Reason for Karma (Optional)
Successfully updated karma reason!
View all recent posts
Mark all posts as read Delete cookies created by the forum Return to Top
Stardock Forums v        Server Load Time:   Page Render Time:
Facebook Twitter YouTube Google+