Published: April 19, 2011
SANTA ANA – Federal authorities have taken unprecedented steps to stop a malicious software program that has infected millions of computers and stolen an unknown amount of money.
Officials seized servers and took control of web domain names across the country in an attempt to stop the spread of a program known as Coreflood.
Coreflood has infected more than 2 million computers worldwide.
Coreflood takes control of the computers from a remote site and records the actions of the users of those computers, including log-in information, passwords and personal data. Those who control the system have then used that information to steal an unknown amount of money from the users' accounts.
The malicious software has been in place for almost 10 years, and has targeted corporate computers and servers, as well as personal computers.
In an unprecedented move, FBI agents and the Department of Justice took control of a number of infected servers throughout the country, including here in Orange County.
The FBI refused to name all of the Orange County companies that were infected by the program.
This was the first time U.S. officials adopted such a strategy to deal with malicious software, though a similar tactic was used by the Dutch government in Oct. 2010, according to court records.
Last week, the FBI was granted a temporary restraining order that allowed agents to seize infected servers and send signals from substitute systems to stop Coreflood from running and expanding. In court records, FBI officials said the strategy had been tested and is not believed to cause damage to any of the seized computers.
Servers in Arizona, Ohio, Georgia, Texas, Connecticut and California are believed to have been affected.
Though the total amount stolen via Coreflood is not known, federal officials stated in court documents that the system continues to fraudulently take money from individual and corporate accounts. Through Coreflood, its creators took $115,771 from a real estate company in Michigan, $78,421 from a law firm in South Carolina, $151,201 from an investment company in North Carolina and $241,866 from a defense contractor in Tennessee.
Coreflood also produces updates to stay ahead of security and anti-virus systems.
FBI officials filed a complaint against 13 "John Does" last week, who are believed to reside outside the United States.
Federal officials called the actions "part of the most complete and comprehensive enforcement action ever taken by U.S. authorities to disable an international botnet."
Federal officials also took control of 29 domain names.
"These actions ... are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure," said Shawn Henry, executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch.
FBI officials said they would not access information stored on any infected computers.