The SANS Institute announced today that the Federal Bureau of Investigation and the U.S. Attorney General’s Office have won the 2011 U.S. National Cybersecurity Innovation Award for their innovative techniques in cyber law enforcement using the computer virus’ own command and control system to disable the malicious software.
Coreflood, the latest botnet, allowed compromised PCs to be accessed by attackers, enabling them to steal sensitive personal data such as passwords, usernames, and financial information for use in a variety of criminal purposes including stealing funds. Once the computer is infected it can be controlled remotely from another computer, known as a command & control (C&C) server. The Coreflood botnet is believed to have been in operation for nearly a decade and has infected more than 2.3 million computers worldwide, 80% within the United States.
A temporary restraining order put in place by the FBI and its partners allowed authorities to seize five C&C servers that remotely controlled hundreds of thousands of infected computers. These servers were swapped out and replaced with substitute C&C servers run by the government to prevent Coreflood from causing further injury to owners and users of infected computers.
The restraining order also has allowed the government to respond to requests from infected computers with a command to disable the malware. This stops the attackers controlling the botnet from introducing different versions of the Coreflood malware onto the infected computers. In addition authorities will alert the user’s Internet service provider and ask the service provider to contact the user recommending they install antivirus software to eliminate the infection.
via PR Newswire, continued here.