U.S. Lawsuit Targets Coreflood Botnet Perpetrators

Individuals responsible for the Coreflood botnet and its malware face legal scrutiny after the U.S. government announced lawsuits on Wednesday.

The U.S. Department of Justice and the Federal Bureau of Investigation are working together to bring down the Coreflood botnet, which operates internationally. The effort involves 13 civil complaints, including temporary restraining orders and criminal seizure warrants, which were filed against unidentified individuals associated with the malware ring.

Five command-and-control servers and 29 U.S.-registered domain names associated with the group have already been seized since the joint task force went into action. The DoJ is now working with foreign government officials to apprehend the 13 individuals targeted.

The action was characterized as a new initiative by a spokesperson for the FBI.

"Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," said Shawn Henry, executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch. "These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure."

According to a court-filed report by the FBI, the Coreflood botnet ring is believed to have been in operation for over 10 years, infecting approximately 2.3 million computers (1.86 million in the United States). The aim of the ring is to steal money by recording user keystrokes on infected computers, gaining access to user names, passwords and other private information.

Coreflood's command-and-control servers allowed the ring to remotely access computers infected with its malware. The same servers also let the operators manually update the malware and stay ahead of a user's antivirus or other security programs.

As part of the restraining order, a command was sent to infected systems to halt the malware's communication and transfer capabilities, giving security firms time to update their software and safely remove the infections.

"The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes," said U.S. Attorney David B. Fein for the District of Connecticut. "I want to commend our industry partners for their collaboration with law enforcement to achieve this great result."

About the Author

Chris Paoli is the site producer for and