The Department of Justice and the FBI announced that they have obtained a temporary restraining order enabling them to disable the Coreflood botnet and respond to infected PCs. Authorities also obtained search warrants allowing them to seize five command and control servers located in Arizona, Georgia, Texas, Ohio, and California, and a seizure warrant for 29 domain names used by the botnet.
A related civil complaint, filed by the government, alleged that the botnet's operators engaged in "wire fraud, bank fraud, and unauthorized interception of electronic communications" by using the botnet, which installed key-logging software to steal people's personal financial information.
Thanks to the temporary restraining order, authorities can swap out the servers powering Coreflood for substitute C&C servers run by the government. Computers infected by Coreflood regularly attempt to phone home to the C&C server; when they do so, the government's substitute servers will return a command that disables the malware.
Full Story