IT Security & Network Security News & Reviews: Botnet Takedowns: Are They Really Dead or Will They Rise Again?
Coreflood: April 2011
The Coreflood Trojan infected user computers and transferred banking credentials and other sensitive information to the botnet's command-and-control (C&C) servers. The FBI seized those servers on April 13 and replaced them with servers under its own control, which pushed out new instructions to disable the Trojan on infected machines.
There have been several victories against major botnets in the past few months, the most recent being the shutdown of the Coreflood botnet. Law enforcement officials have successfully collaborated with industry experts, including Microsoft's Digital Crimes Unit and Symantec, to track down and seize the command-and-control servers that feed instructions to infected machines, but for the most part the operators remain at large. Many users were unaware their systems had been compromised in the first place and may still be infected even though the C&C servers are offline. With these dormant machines still out there, an operator could resurrect the botnet later by standing up new C&C servers and pushing updated instructions to reawaken the zombie army.

"It stands to reason that when we stop seeing new exploits, the entire botnet has to be on the decline," Patrick Cummins, a security malware researcher at Blue Coat Security, told eWEEK. A botnet's success, and ultimately its survival, depends on being able to continuously update its zombies. To ensure Coreflood cannot simply be revived, the U.S. Department of Justice employed a controversial technique: using the seized C&C infrastructure to push replacement instructions that disable the malicious code on compromised systems. Below, eWEEK takes a look at some of the recent takedowns to determine whether the botnets and their zombies are among the walking undead.
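The point that still-infected machines keep trying to reach a C&C server after it has been seized is also what lets a defender find them: an orphaned bot beacons to the dead address on a fixed schedule, while a user who stumbled onto the same address once does not. The script below is an added example, not code from eWEEK or from any of the takedown operations described on this page. It scans constructed connection-log lines for hosts that repeatedly contact a list of seized C&C addresses and flags those whose contact intervals are regular enough to look like a beacon. The addresses, log format and thresholds are all assumptions chosen for illustration, not real Coreflood infrastructure.

```python
"""Flag internal hosts that keep beaconing to seized or sinkholed C&C addresses.

Added example: the log format, the C&C addresses and the thresholds are
constructed for illustration and are not taken from any real takedown.
"""
from collections import defaultdict
from datetime import datetime
import statistics

# Assumed: addresses of C&C servers that were seized. Documentation-range IPs, not real infrastructure.
SEIZED_CC = {"198.51.100.23", "203.0.113.77"}

# Constructed sample log: "<timestamp> <src_ip> -> <dst_ip>:<port> <result>".
SAMPLE_LOG = """\
2011-04-20T10:00:01Z 10.0.0.5 -> 198.51.100.23:80 CONNECT_FAIL
2011-04-20T10:05:10Z 10.0.0.9 -> 198.51.100.23:80 CONNECT_FAIL
2011-04-20T10:12:44Z 10.0.0.5 -> 93.184.216.34:443 OK
2011-04-20T10:30:02Z 10.0.0.5 -> 198.51.100.23:80 CONNECT_FAIL
2011-04-20T09:00:00Z 10.0.0.12 -> 203.0.113.77:8080 CONNECT_FAIL
2011-04-20T09:01:00Z 10.0.0.12 -> 203.0.113.77:8080 CONNECT_FAIL
2011-04-20T11:00:01Z 10.0.0.5 -> 198.51.100.23:80 CONNECT_FAIL
2011-04-20T14:00:00Z 10.0.0.12 -> 203.0.113.77:8080 CONNECT_FAIL
2011-04-20T11:30:03Z 10.0.0.5 -> 198.51.100.23:80 CONNECT_FAIL
"""


def parse_line(line):
    """Return (timestamp, src_ip, dst_ip) for one log line, or None if it does not fit the assumed format."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    dst_ip = parts[3].rsplit(":", 1)[0]
    return ts, parts[1], dst_ip


def find_beaconing_hosts(log_text, seized=SEIZED_CC, min_hits=3, max_jitter=0.2):
    """Group contacts to seized C&C addresses per source host and score their regularity.

    A host is reported once it has at least min_hits contacts; it is marked
    periodic when the spread of its inter-contact intervals is within
    max_jitter of the mean interval, i.e. it calls home on a schedule.
    """
    contacts = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dst = parsed
        if dst in seized:
            contacts[src].append(ts)

    results = {}
    for host, times in contacts.items():
        if len(times) < min_hits:
            continue  # a single or double hit is not enough to call it a bot
        times.sort()  # logs are not guaranteed to arrive in order
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(intervals)
        spread = max(intervals) - min(intervals)
        results[host] = {
            "hits": len(times),
            "mean_interval_s": mean,
            "periodic": mean > 0 and spread / mean <= max_jitter,
        }
    return results


if __name__ == "__main__":
    for host, info in sorted(find_beaconing_hosts(SAMPLE_LOG).items()):
        tag = "BEACON" if info["periodic"] else "irregular"
        print(f"{host}: {info['hits']} hits, mean interval {info['mean_interval_s']:.0f}s, {tag}")
```

In the sample, 10.0.0.5 reaches the dead server every thirty minutes and is reported as a beacon, the host that hit it once is ignored, and 10.0.0.12 has enough hits but irregular timing, which is where an analyst would look at the endpoint rather than act on the log alone. On real data the seized-address list comes from the takedown notice or a sinkhole feed, and the jitter threshold needs tuning, since some malware families randomize their check-in interval on purpose.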