FBI and Justice Department shut down Coreflood botnet

The FBI and the US Department of Justice (DoJ) have completed their biggest computer crime action with the seizure of servers and domain names behind the Coreflood botnet.

Five command-and-control servers have been identified and removed by law enforcement, as well as 29 domain names used by the system behind the botnet.

The servers have been replaced by systems which shut down the malware when infected PCs update themselves, and security firms will be informed of the latest Coreflood signature files.

In addition to the seizures, a legal case was filed in Connecticut against 13 unnamed operators of the botnet on charges of wire fraud, bank fraud and illegal interception of electronic communications.

"The seizure of the Coreflood servers and internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes," said US attorney David B. Fein for the District of Connecticut.

"I want to commend our industry partners for their collaboration with law enforcement to achieve this great result."

Coreflood surfaced in 2003 and some estimates put the botnet's size at over two million infected computers.

The DoJ said that the botnet had been used to harvest financial data and steal from internet users, citing three cases in which over $100,000 had been lost by individuals.

"Botnets and the cyber criminals who deploy them jeopardise the economic security of the US and the dependability of the nation's information infrastructure," said Shawn Henry, executive assistant director of the FBI's Criminal, Cyber, Response and Services branch.

"These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the US and reflect our commitment to being creative and proactive in making the internet more secure."

Governments and the technology industry are becoming increasingly co-ordinated in tackling the botnet problem.

The FBI has been investigating the botnet market, the EU is talking tough and the Rustock botnet was taken down in March after a campaign by Microsoft and FireEye.