Justice Department targets international botnet

The U.S. Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) are taking steps to take down a nefarious international botnet.

As part of its effort to disable the botnet, the DoJ announced the filing of a civil complaint, the execution of criminal seizure warrants and the issuance of a temporary restraining order.

“Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation’s information infrastructure,” explained Shawn Henry, Executive Assistant Director of the FBI’s Criminal, Cyber, Response and Services Branch.  

“These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure.”

The botnet is a network of hundreds of thousands of computers infected with a malicious software program known as Coreflood, which installs itself by exploiting a vulnerability in computers running Windows operating systems.

Coreflood allows infected computers to be controlled remotely for the purpose of stealing private, personal and financial data from unsuspecting computer users.


According to court filings, Coreflood is a particularly harmful type of malicious software that records keystrokes and private communications on a computer.  

Once a computer is infected with Coreflood, it can be controlled remotely from another computer, known as a command and control (C&C) server.

The Coreflood botnet is believed to have operated for nearly a decade – infecting more than two million computers worldwide during its so-called “career.”

Note: The Department of Justice and FBI, working with Internet service providers around the country, say they are committed to identifying and notifying as many innocent victims as possible who have been infected with Coreflood, in order to avoid or minimize future fraud losses and identity theft resulting from the botnet.