The Department of Justice has informed the U.S. District Court of Connecticut that the government needs more time to shut down the Coreflood botnet that was the subject of criminal seizure warrants issued earlier this month. Meanwhile, the FBI is currently in the process of providing identifiable victims with an authorization form that would permit the government to remove Coreflood malware from infected PCs.
The goal is to stop cybercriminals from stealing private personal and financial information from unsuspecting computer users, noted U.S. Attorney David B. Fein earlier this month.
"Law enforcement will continue to use innovative and responsible actions in our fight against cybercriminals," Fein said. "At the same time, we urge consumers to ensure they are continually taking prudent measures to guard against harm, including routinely updating antivirus security protection."
Attack of the Robot Drones
To create a botnet, computer hackers unleash a malware program that seeks out PCs with security weaknesses. Vulnerable machines essentially become robot drones for the criminals controlling the botnet. Infected computers are ordered to connect to a communications channel over which a hacker can issue commands to users' machines.
In past years hackers have created botnets to install adware on computers without the owners' permission, with the goal of fraudulently obtaining commission income. Coreflood, however, is potentially more dangerous because the malware enables the criminals to access the keystrokes of computer users -- potentially exposing IDs and passwords for accounts at banks and other financial institutions.
When the FBI seized many of the computer servers behind the Coreflood botnet earlier this month, it stopped the malware from running on infected computers in the United States, but only temporarily. The server seizures also prevent Coreflood from updating itself.
Still, U.S. attorneys told the court the government needs more time to notify the owners of hundreds of thousands of infected computers. Moreover, antivirus software vendors will need more time to release new virus signatures that can recognize the latest versions of Coreflood, they added.
Targeting Specific Victims
Symantec said Wednesday that it integrated detection capabilities for Coreflood.C into its security software in 2007 and that Coreflood!gen detections were created in 2009. "Symantec is still seeing a bit of activity on this detection," said Symantec response manager Vikram Thakur. "Thus we suspect the current sample being used -- and [the one] that has led to the action from the Department of Justice and FBI -- is the Coreflood.C variant."
According to a new Symantec report, cybercriminals became more focused last year on research to select victims for maximum financial benefit. And due to their targeted nature, many of these attacks succeeded in 2010 -- even when the individual victim or an organization for which the victim worked had basic security measures in place.
The resulting data breaches exposed an average of more than 260,000 identities per breach in 2010, nearly quadruple that of any other cause, Symantec said. What's more, the potential threats aren't limited to hackers seeking financial gain.
"Stuxnet and Hydraq, two of the most visible cyberevents of 2010, represented true incidents of cyberwarfare and have fundamentally changed the threat landscape," said Symantec Senior Vice President Stephen Trilling. "The nature of the threats has expanded from targeting individual bank accounts to targeting the information and physical infrastructure of nation states."