In huge change in policy, police move
against criminal servers

In a big step, the FBI has for the first time taken aim at tacking control of a HUGE BOT net by taking control of the criminal’s servers.  The US Justice Department has to seek a court order to carry out the sting.  It enabled authorities to issue its own commands, effectively ordering the malware to shutdown.  It also logged the addresses of the compromised machines.  The action was coordinated with Microsoft Corp., which issued a software patch April 12 to correct a vulnerability in it’s OS.  The vulnerability allows the software to spread from one computer to another creating zombie systems.

The approach was similar to that used by Dutch authorities against the Bredolab botnet.

Millions of systems have been recruited to become Zombie PC’s.  The Coreflood, malware program prompting the FBI investigation has been around for at least a decade now.  I can record keystrokes, allowing criminals to take over unsuspecting computers and steal passwords, banking info and credit cards.

The size of the network of compromised systems is around 2.3 million systems and has raked in millions for those behind it.

29 domain names have bee seized as well that were being used by the botnet.

“As a result the zombie machines in the Coreflood network are being re-routed to communicate with the server controlled by law enforcement agencies.” explained Noa Bar Yosef, a senior strategist at the security firm Impreva.

“There has been a real legal barrier to to this because essentially you are issuing instruction to someone else’s comptuer,” said Alex, Cox, principle research analyst at NetWitness Corp.  a cyber security firm based in Reston, Virginia.

“That is very, very significant,” Cox said.

Richard Boscovish, a lawyer in Microsoft’ digital crimes unit, said by email, “There is clearly a strong public/private momentum happening in the fight against botnets.”  He stated that, “The unit was happy to provide technical information from the lessons we learned from the recent Rustock and Waledac botnet takedowns to assist these agencies.”

Source: BBC, Businessweek