FBI set to kill secret-stealing Russian 'botnet.' Is your computer infected?
The FBI has seized control of a Russian cybercrime enterprise, but to kill it completely, officials may ask to rip some malware out of your computer. US diplomatic secrets could be at stake.
Millions of criminal botnets operate on the Internet today – turning individuals’ personal computers surreptitiously into “zombies” or “bots” that will do whatever their criminal “bot masters” order them to do, without the owner knowing anything about it.
Authorities have tried for years to stop botnets – with mixed results.
But last month, the Department of Justice and FBI moved to take Coreflood down using an approach that could be a model for handling botnets more effectively in the future. The method? Basically, law enforcement authorities took control of the botnet by inserting into the network their own “command and control” computers capable of giving orders to the network’s individual PC “bots.”
Right now, the FBI controls Coreflood.
To control its sprawling botnet, and gain access to personal bank accounts and other financial information, the Coreflood cybergang sent commands from computers in Russia. Those commands first went through computers the gang commandeered in Estonia, which then relayed instructions to “command and control” computers located in Texas, California, Ohio, Arizona, and Georgia.
The gang also used computer hosting services of unwitting Internet providers in New York, New Jersey, Pennsylvania, Massachusetts, Virginia, Florida, Arizona, Nevada, California, Oregon, and Washington.
Often the command sent was to search for words on the infected computers that indicated banking or credit-card information – and send it along. But just as often, Coreflood was instructed to send it all – giving the botnet a voracious appetite for all kinds of data. Its enormous, nonselective appetite for data may have been its undoing.
On April 12, a US District Court judge in Connecticut granted a temporary restraining order against 13 “John Doe” defendants – the alleged members of the Russian cybergang. The court gave the FBI permission to take the unprecedented step of sending an electronic “pause” command to all US-based Coreflood-infected computers – machines whose owners had no idea their computers were being controlled by a Russian gang.