Teddy Rogers
Posted July 17, 2008

Highlights

- One of the oldest botnets in continuous operation (+6 years)
- Motive turned from DDoS to selling anonymity services to full-fledged bank fraud
- Entire Windows domains infected at once (thousands of computers at some organizations)
- Over 378,000 computers infected during 16-month time frame
- Infected businesses, hospitals, government organizations, and even a state police agency

In the past several years we've seen many botnets come and have even seen some go. Some die because they are replaced by other code, some die (not often enough) because their owners go to jail. During this time, we've seen one botnet which has quietly flown under the radar since at least 2002.

Coreflood (or "AF", as the author has dubbed it) started out as an internet relay chat (IRC) bot used for attacking other IRC users. Over time however, it evolved into a TCP proxy as part of an anonymity service, and then later into a full-fledged infostealer trojan. We wrote about the proxy component when it was first developed in 2003. Since that time Coreflood has maintained a much lower profile while other more prolific botnets came to the forefront of public attention. However, just recently the group behind Coreflood has escalated their activity and the trojan is beginning to be noticed again.

http://www.secureworks.com/research/threat...hreat=coreflood

Ted.