U.S. Lawsuit Targets Coreflood Botnet Perpetrators

Individuals responsible for the Coreflood botnet and its malware face legal scrutiny after the U.S. government announced lawsuits on Wednesday.

The U.S. Department of Justice and the Federal Bureau of Investigation are working together to bring down the Coreflood botnet, which operates internationally. The effort combines a civil complaint filed against 13 unidentified "John Doe" defendants associated with the malware ring with criminal seizure warrants and a temporary restraining order.

Five command and control servers and 29 U.S.-registered domain names associated with the group have already been seized since the joint task force went into action. The DoJ is now working with foreign law enforcement officials to identify and apprehend the 13 individuals targeted.

The FBI characterized the action as the first of its kind.

"Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," said Shawn Henry, executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch. "These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure."

According to a court-filed report by the FBI, the Coreflood botnet ring is believed to have been in operation for over 10 years, infecting approximately 2.3 million computers, about 1.86 million of them in the United States. The ring's aim is to steal money by recording keystrokes on infected computers, harvesting user names, passwords and other private information that can then be used to access victims' accounts.

Coreflood's command and control servers allowed the ring to remotely access computers infected with its malware. They also allowed the operators to push updated versions of the malware on demand, staying ahead of signature updates in a user's antivirus or other security programs.

Under the restraining order, the government was authorized to operate a substitute command and control server in place of the seized ones, so that infected systems checking in for instructions instead receive a command that stops the malware from running. Halting Coreflood's communication and data-transfer capabilities gives security firms time to update their software and gives users time to remove the malware safely.

"The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes," said U.S. Attorney David B. Fein for the District of Connecticut. "I want to commend our industry partners for their collaboration with law enforcement to achieve this great result."

About the Author

Chris Paoli is the site producer for and
