U.S. shutters botnet, can disable malware remotely

By seizing servers and domain names and getting permission to remotely turn off malware on compromised PCs, U.S. officials have disabled a botnet that steals data from infected computers.

The legal actions are part of the "most complete and comprehensive enforcement action ever taken by U.S. authorities to disable an international botnet," according to a statement from the Department of Justice. A botnet is a group of computers that have been compromised and are being remotely controlled by attackers, typically to send spam or attack other computers.

It's the first time law enforcement in the U.S. has requested permission from a court to take control of a botnet, according to a request for a temporary restraining order that was granted. Similar action was taken by Dutch officials who downloaded "good" software to computers infected with Bredolab botnet malware, the filing said.

In this case the malware, called "Coreflood," records keystrokes and private communications, enabling it to steal usernames, passwords, and other private personal and financial information. Once a computer is infected with Coreflood, the malware communicates with a command-and-control server, allowing it to remotely control the compromised computer. The botnet is believed to have infected more than 2 million Windows-based computers worldwide in nearly 10 years.

Read more -here-

• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages
• FCC restores net neutrality rules