28 Apr 2011
FBI vs. Coreflood botnet: round one goes to the Feds
The FBI’s unprecedented effort to behead the Coreflood botnet—comprised of millions of hacked Windows machines—appears to be working, at least for now. The bureau has tracked a dramatic decline in the number of pings from the botnet since the takedown operation began earlier this month, according to court documents filed by the Justice Department on Monday.
The number of pings from infected US systems plummeted from nearly 800,000 to less than 100,000 in about a week after authorities began sending out “stop” commands to those machines—a drop of nearly 90 percent. Pings from infected computers outside the US have also dropped about 75 percent, likely as a result of a parallel outreach effort to foreign ISPs.
The government’s efforts have “temporarily stopped Coreflood from running on infected computers in the United States,” writes the government in its filing, “and have stopped Coreflood from updating itself, thereby enabling anti-virus software vendors to release new virus signatures that can recognize the latest versions of Coreflood.”
A new filing from the Justice Department to the federal court includes a request to allow the FBI to keep doing what they have been doing for another month, and also intimates that the government might soon be asking the court to allow them to instruct the computers to uninstall the Coreflood malware - potentially a historic first request of this kind in the U.S.
They maintain that they have tested the process on purposely infected computers and that there were no adverse effects to the machines. And even though they say that they will not be doing anything else on the affected computers - for example, examining their contents - there will surely be some users averse to the idea. If this request is granted, the government will likely allow them to opt out of the "procedure".
The fact that this action allowed the FBI to gather the IP addresses of the affected computers and track them down to the actual (U.S.) owners has revealed that some infected computers belong to defense contractors, state and local government agencies, airports, hospitals, educational organizations, financial institutions and a great number of businesses in general.
The FBI has used these lists of IP addresses to get help from the U.S. ISPs with contacting the affected users and explaining the situation to them. When it comes to infected computers in the rest of the world, the bureau notified the appropriate foreign law enforcement agencies so that they could notify their countries' ISPs and users.