U.S. Lawsuit Targets Coreflood Botnet Perpetrators

Individuals responsible for the Coreflood botnet and its malware face legal scrutiny after the U.S. government announced lawsuits on Wednesday.

The U.S. Department of Justice and the Federal Bureau of Investigation are working together to bring down the Coreflood botnet, which operates internationally. The effort combines a civil complaint against 13 unidentified "John Doe" defendants associated with the malware ring, a temporary restraining order and criminal seizure warrants.

Five command and control servers and 29 U.S.-registered domain names associated with the group have already been seized since the joint task force went into action. The DoJ is now working with foreign government officials to identify and apprehend the 13 defendants.

An FBI spokesperson characterized the action as a new kind of initiative.

"Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," said Shawn Henry, executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch. "These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure."

According to an FBI affidavit filed with the court, the Coreflood botnet ring is believed to have been in operation for over 10 years, infecting approximately 2.3 million computers (1.86 million of them in the United States). The ring's aim is financial theft: the malware logs keystrokes on infected computers, harvesting user names, passwords and other private information that can then be used to access victims' accounts.

Coreflood's command and control servers gave the ring remote access to computers infected with its malware. The same channel let the operators push updated builds of the malware to infected machines, staying ahead of the signatures used by a user's antivirus or other security programs.

Under the restraining order, a command was sent to infected systems instructing the malware to stop running, cutting off its communication with the operators and its ability to transfer stolen data. The command disables the malware rather than removing it; its purpose is to give security firms time to update their software so the infection can then be safely removed.

"The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes," said U.S. Attorney David B. Fein for the District of Connecticut. "I want to commend our industry partners for their collaboration with law enforcement to achieve this great result."

About the Author

Chris Paoli is the site producer for and
