Fbi Shuts Down One Of The Largest Botnet Operation That Hijacked More Than Two Million Computers

By Author: EC-COUNCIL
Total Articles: 68
Comment this article

The Internet is probably the most widely used form of communication on earth and our dependency on it increases every day. Almost anything can be conducted on the internet, and with such widespread use, the number of cyber criminal activities also increases.
Recently, the Federal Bureau of Investigation succeeded in disrupting an international cyber crime syndicate; a botnet operation that had affected two million computers. A botnet is a collection of infected computers or bots that have been taken over by hackers and are used to perform malicious tasks or functions. A computer becomes a bot when it downloads a file (e.g., an email attachment) that has bot software embedded in it.
The FBI had seized the servers which had been hosting the botnet, named Coreflood. Coreflood infected people's computers by installing a key logging program. Key loggers allow cyber thieves to steal personal and financial information by monitoring and recording users' keystrokes. The infection happens when a user opens a malicious email attachment and the malware is subsequently controlled by the attacker via a remote server.
Authorities ...
... believed that Coreflood infected more than two million PCs, enslaving them into a botnet that grabbed banking credentials and other sensitive data. Its masters then used the details to steal funds via fraudulent banking and wire transactions, the US Department of Justice said yesterday. The vast majority of the infected machines were in the US, but the criminal gang was likely based overseas. Security experts said it was hard to know how much money the gang stole. It could easily be tens of millions of dollars and could go above $100 million, said Dave Marcus, McAfee Labs research and communications director.
Security experts are pretty sure the Russians were behind it. A civil complaint against 13 unnamed foreign nationals was also filed by the US district attorney in Connecticut. It accused them of wire and bank fraud. The Justice Department said it had an ongoing criminal investigation. "Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," Shawn Henry, executive assistant director of the FBI's Criminal, Cyber, Response, and Services Branch, said in a statement.
Coreflood started out as an internet relay chat (IRC) bot used for attacking other IRC users. Over time however, it evolved into a TCP proxy as part of an anonymity service, and then later into a full-fledged info stealer Trojan. The last several years Coreflood has maintained a low profile while other more prolific botnets came to the forefront of public attention. However, just recently the group behind Coreflood escalated their activity until it was brought down by the FBI.
In 2008, a ring of cyber bank robbers from southern Russia breached inside company networks. They infected every PC within reach with a custom-made data-stealing program using Coreflood. The Coreflood Gang infected swaths of PCs inside thousands of companies, hospitals, universities and government agencies, says SecureWorks researcher Joe Stewart, who has tracked and documented the spread of Coreflood over that period.
Says F-Secure researcher Patrik Runald, "This is very organized crime. These gangs are hiring people and making tons of money”. The Coreflood Gang is among the most sophisticated. "It's spying on you, capturing your log-ons, user names, passwords, bank balances, contents of your e-mail," Stewart says. "It can capture anything."
A workplace PC can get a new infection each time someone logs on. A county school district, a hotel chain and a health care company were the most infected. US Government programmers shut down the Coreflood botnet on Tuesday. They also instructed the computers enslaved in the botnet to stop sending stolen data and to shut down. It was the first time US authorities had used this method to shut down a botnet, according to court documents. "The seizure of the Coreflood servers and internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes," US Attorney David Fein said in a statement.
Companies need to secure their network security. IT professionals need to understand the latest hacking trips and methodologies that are out there by undergoing technical security training programs. EC-Council’s brand new TakeDownCon is a technical information security conference series, in addition to learning from some of the best security experts, TakeDownCon also offers highly sought after technical training courses, including the Certified Ethical Hacker (CEH) course, often touted as the world’s most comprehensive ethical hacking training program.
The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.

ABOUT EC-COUNCIL:
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous ethical hacking training, the Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other technical security training programs offered in over 84 countries around the globe. TakeDownCon Dallas 2011, is one of the conferences of EC-Council’s Take Down information security conference series.