Federal Bureau of Investigation and the U.S. Attorney General's Office Win National Cybersecurity Innovation Award

Nov 03, 2011, 12:41 ET from SANS Institute

The Coreflood botnet Takedown - Creative and proactive steps making the Internet more secure

WASHINGTON, Nov. 3, 2011 /PRNewswire-USNewswire/ -- The SANS Institute announced today that the Federal Bureau of Investigation and the U.S. Attorney General's Office have won the 2011 U.S. National Cybersecurity Innovation Award for their innovative techniques in cyber law enforcement, using the malware's own command-and-control system to disable the malicious software.

(Photo:  http://photos.prnewswire.com/prnh/20111103/DC99678)

Coreflood, the latest botnet, allowed attackers to access compromised PCs and steal sensitive personal data such as passwords, usernames, and financial information for use in a variety of crimes, including stealing funds. Once a computer is infected, it can be controlled remotely from another computer, known as a command-and-control (C&C) server. The Coreflood botnet is believed to have been in operation for nearly a decade and to have infected more than 2.3 million computers worldwide, 80% of them within the United States.

A temporary restraining order put in place by the FBI and its partners allowed authorities to seize five C&C servers that remotely controlled hundreds of thousands of infected computers. These servers were swapped out and replaced with substitute C&C servers run by the government to prevent Coreflood from causing further injury to owners and users of infected computers.

The restraining order also allowed the government to respond to requests from infected computers with a command that disables the malware. This stops the attackers controlling the botnet from pushing different versions of the Coreflood malware onto the infected computers. In addition, authorities will alert the user's Internet service provider and ask the provider to contact the user, recommending that they install antivirus software to eliminate the infection.

The FBI and the Attorney General's Office have taken steps that are the first of their kind and used those steps to mitigate the threats posed by the Coreflood botnet. They are therefore the winners of the 2011 National Cybersecurity Innovation Award for deploying innovative techniques in cyber law enforcement that have resulted in large-scale risk reductions, making the Internet more secure.

About the National Cybersecurity Innovation Awards

The National Cybersecurity Innovation Awards recognize companies and government agencies that have developed and deployed innovative processes or technologies: innovative in that they have not been deployed effectively before, show a significant impact on reducing cyber risk, can be scaled quickly to serve large numbers of people, and should be adopted quickly by many other organizations. Nominations came from the most senior government officials involved with cybersecurity as well as from the major cybersecurity Information Sharing and Analysis Centers (ISACs). Corporations and individuals, including SANS instructors, also nominated innovations, and each nomination was tested by the SANS Institute research department. More than 50 nominations were received and 14 were selected.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and by far the largest source for information security training and security certification in the world. In addition to world-class training, SANS offers certification via the ANSI-accredited GIAC security certification program. SANS offers a myriad of free resources to the infosec community, including consensus projects, research reports, and newsletters, and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security practitioners in varied global organizations, from corporations to universities, working together to help the entire information security community. (www.sans.org)