FBI says Coreflood botnet now a mere trickle

In April, the FBI said it had shut down the Coreflood botnet, which infected more than 2 million computers worldwide with keylogging malware designed to steal financial information from victims.

As part of the enforcement action, the Department of Justice filed a civil complaint, executed criminal seizure warrants, and issued a temporary restraining order against the operators of the Coreflood botnet.

As part of the civil complaint, Kenneth Keller, an FBI agent assigned to the cyber crime squad, testified that the size of the Coreflood botnet had been reduced by more than 95% through victim notification, coordination with ISPs and anti-virus vendors, and operation of a substitute server, which was used to uninstall the virus from 19,000 infected computers whose owners provided written consent.

The FBI agent said that the agency had notified hundreds of Coreflood victims and provided information to 25 ISPs enabling them to notify their infected customers. He said that anti-virus vendors have updated their virus signatures in order to detect the latest versions of Coreflood.

Keller requested authorization to shut down the substitute server because it was no longer needed and it was consuming “considerable law enforcement resources.” He said to completely stop all Coreflood “beacons” being sent out by infected computers would require a “blanket” uninstall of all infected computers, something the FBI is not requesting authorization for “given that the size of the Coreflood botnet has already been significantly reduced.”
