A cyber crime ring that used malicious software to steal data from millions of PCs has been shut down by US authorities.
A computer virus, dubbed Coreflood, infected more than 2 million PCs, enslaving them into a “botnet” that grabbed banking credentials and other sensitive data its masters used to steal funds via fraudulent banking and wire transactions, the US Department of Justice said.
“This was big money stolen on a large scale by foreign criminals. The FBI wanted to stop it and they did an incredibly good job at it,” said Alan Paller, director of research at the SAN Institute, a non-profit group that helps fight cyber crime.
The vast majority of the infected machines were in the US, but the criminal gang was likely overseas. “We’re pretty sure a Russian crime group was behind it,” said Paller.
McAfee Labs research and communications director Dave Marcus said the amount of money stolen could easily be tens of millions of dollars and could go above $100 million.
A civil complaint against 13 unnamed foreign nationals was also filed by the US district attorney in Connecticut. It accused them of wire and bank fraud. The Justice Department said it had an ongoing criminal investigation.
The Coreflood software was used to infect computers with key logging software that stole user names, passwords, financial data and other information, the Justice Department said.
“The seizure of the Coreflood servers and internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes,” US Attorney David Fein said in a statement.
In March, law enforcement raids on servers used by a Rustock botnet were shut down after legal action against them by Microsoft. Authorities severed the Rustock IP addresses, effectively disabling the botnet.
Rustock had been one of the biggest producers of spam e-mail, with some tech security experts estimating they produced half the spam that fills people’s junk mail bins.
A botnet is essentially one or more servers that spread malicious software and use the software to send spam or to steal personal information or data that can be used to empty a victim’s bank account.
US government programmers shut down the Coreflood botnet on Tuesday. They also instructed the computers enslaved in the botnet to stop sending stolen data and to shut down.
Botnet victims included a real estate company in Michigan that lost $115,771, a South Carolina law firm that lost $78,421 and a Tennessee defence contractor that lost $241,866, according to the complaint filed in the US District Court for the District of Connecticut. The government plans to work with internet service providers around the country to identify other victims.