In addition to banning the defendants from using Coreflood to commit fraud and to illegally intercept electronic communications, the injunction authorizes the U.S. Marshals Service and FBI to use a substitute server to stop Coreflood from running on infected computers.

The coordinated law enforcement effort has cut the size of the Coreflood botnet by nearly 90 percent in the United States, DOJ said, mainly thanks to two factors. First, because the botnet was no longer running, it was not able to update itself and avoid detection by anti-virus software.

Second, the FBI, with the help from Internet service providers, has made significant efforts to identify and notify the victims of Coreflood, who then removed Coreflood from thousands of infected computers.

Victims of Coreflood have included state and local governments, airports, banks and financial institutions, colleges or universities, hospital or healthcare companies, and hundreds of businesses.

According to one of the victims, a hospital healthcare network, approximately 2,000 of its 14,000 computers were infected with Coreflood. After a restraining order was  granted by the district court to prevent Coreflood from running, the hospital was able to focus on investigating and repairing the damage caused by the botnet.

The injunction does not identify the defendants, but merely lists 13 John Does.

Bruce Raisley, 48, of Kansas City, Mo., was convicted six months ago of launching a malicious computer program designed to attack computers and websites. Raisley previously volunteered for the organization Perverted Justice, which works with police and the NBC TV show “To Catch a Predator.”

He left the organization after a falling out with its founder, Xavier Von Erck. An upset Van Erck retaliated by pretending to be a woman named “Holly” and started an online relationship with Raisley, who eventually agreed to leave his wife for “Holly.”

He was later photographed by a Perverted Justice volunteer at the airport waiting for “Holly” to arrive, prosecutors said.

Radar Magazine and Rolling Stone were just a few of the media outlets who picked up the story and reported on it. Raisley developed a virus to attack the websites where the articles were posted, prompting computers to launch denial-of-service attacks on the sites, which then crashed due to the overwhelming traffic.

“I was wrong for putting that thing out there,” Raisley said between sobs, according to Philly.com. “I’m sorry. I didn’t see any other choice.”

In addition to the two-year prison sentence, Raisley was ordered to pay more than $90,000 in restitution to the impacted websites.

photo: chrisharvey

Assistant director for the cyber division of the FBI, Gordon Snow, testified before the Senate Judiciary Committee’s subcommittee on crime and terrorism this week to talk about how the bureau is responding to the ongoing threat of cyber crime terrorism.

Snow discussed the overall cyber threat and said he couldn’t overstate the potential impact the threats pose to the economy, national security and critical infrastructure. He revealed some of the facts regarding the latest in cyber threats including its increase over the last five years.

The recent security breach by intruders into NASDAQ was part of his testimony as well as information on the hacking of a U.S. security firm in which 72,000 emails were compromised and later posted online.

Snow spoke of critical infrastructure such as pipelines and railroads, intellectual property rights violations and the nation’s public health and safety via counterfeit pharmaceuticals and aircraft parts, among others being vulnerable to cyber attacks.

Addressing the criminals behind the attacks, the assistant director discussed hacktivist groups, such as Anonymous, and botnets networks who have been responsible for recent cyber attacks. Snow gave Anonymous the title of the “Non for Profit” criminal, who commits computer crimes as a form of protest. He said the group, which involves collective individual participation, supports WikiLeaks. He defined botnets as networks of compromised computers controlled remotely by an attacker. Online schemes that steal funds or data are facilitated to anonymize online activities and deny access by others to online resources.

Cyber attacks lead to a huge financial impact on businesses big and small and this country’s overall economy. A 2010 study by the Ponemon Institute showed that cyber crime to individual victim organization can cost $1 million to $52 million. A 2011 publication by Javelin Strategy and Research revealed the annual cost of identity theft is $37 billion.

To combat cyber threats, the FBI has cyber squads in 56 field offices and more than 1,000 trained FBI agents, analysts and forensic examiners. Snow credited Congress and the White House with providing the bureau with the resources to fight cyber crime. He said cyber issues were a top priority of the bureau and the entire government and that the FBI can address every facet of a cyber case.

The FBI is not alone in fighting cyber crime. It has partnered with 20 law enforcement and intelligence entities and leads the National Cyber Investigative Joint Task Force. The agency has numerous international allies and have embedded five full-time foreign police agencies to assist with cyber investigations.

For more on Gordon Snow’s testimony, click here.

“Prior to 2010, many people thought in terms of spam and DDoS whenever the term ‘botnet’ was discussed,” said Gunter Ollmann, vice president of research, Damballa. “By the end of the year, botnets such as Mariposa, Aurora, Koobface and Stuxnet had become household names – revealing the breadth of crime commonly being facilitated with remotely controllable bot agents.”

Damballa’s “Top 10 Botnet Threat Report – 2010” found that of 2010′s 10 largest botnets, six did not exist in 2009 and only one (Monkif) was present in the previous year’s list of 10 largest botnets.

The dubious honor of ranking first went to TDLBotnetA, a botnet that claimed 14.8 percent of all unique infected victims in 2010. It has been associated with the TDL Gang – a crime ring known for its advances in master-boot-record rootkit technology and its commercially available DIY botnet construction kit, Damballa said.

RogueAVBotnet and ZeusBotnetB ranked second and third, respectively, followed by Monkif, Koobface.A, Conficker.C, Hamwek, AdwareTrojanBotnet, Sality and SpyEyeBotnetA.

The significant spike in botnet infections has been linked to the rapid evolution of the many botnet DIY toolkits and the increased access to exploit packs, Damballa said. Also, another factor Damballa said played a role in the growth of botnet infections was the cyber crooks becoming more proficient at installing bot agents on behalf of botnet operators.

Dubbed “Geinimi,” this Trojan is the first Android malware in the wild that displays botnet-like capabilities, according to smartphone security company Lookout. Once the malware is installed on a user’s phone, it can receive commands from a remote server that allow the owner of that server to control the phone, Lookout said.

“Geinimi is effectively being ‘grafted’ onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets,” Lookout said on its company blog. “The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions. Though the intent of this Trojan  isn’t entirely clear, the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet.”

The company’s analysis of the Trojan has showed it is able to send location coordinates and download and prompt the user to install an app. Other capabilities include the ability to prompt the user to uninstall an app, and enumerate and send a list of installed apps to the server.

Chris Avell, who runs idontgiveascam.com–a whistle-blower site aimed at exposing online business scams– said a DDoS attack caused him an estimated $10,000 in damages and revenue loss, according to San Antonio Express-News.

Avell said a California-based company hosts the server for his site, and it could not stop the week-long attack.

After recovering from the first cyber attack, Avell found a message on his site from by a poster named USA, RUSSIA, GERMAN HACKERZ that read, “please close this site i give you 2 Days, when you don t close this site, i must take my botnet und we attack you again. i say that here not for funny !!!”

“Some of the people on there became agitated that their business is being affected by the site,” he told San Antonio Express-News. “So they hacked the site before and they had threatened to attack.”

A clue to the culprit’s identity was detected after a suspected attacker posted a comment on Avell’s site.

“The person who left the comments . . . was redirected off his proxy and didn’t realize it so his IP traced right back to that,” Avell said.

That IP address led to Russia, and after discovering this, Avell said he could not do much more.

“It’s in the hands of the FBI to take it any further than that,” he said.

According to CNN, researchers began tracking down the “Mega-D” spam automated botnet as a prime source of selling counterfeit goods. Allegedly managed by Oleg Nikolaenko, the botnet accounted for 32 percent of all spam, the court documents said, and security researchers estimated it was capable of pushing out 10 billion spam email messages a day.

Nikolaenko’s operation allegedly made $459,098.47 between June 4 and Dec, 5, 2007, peddling spam selling everything from counterfeit prescriptions to fake Rolex watches.

The scam came to an end when a seller of counterfeit watches told authorities after he was arrested that he paid more than $2 million working with spammers to sell his product. With that information, officials were able to track down Nikolaenko.

Christopher Van Wagner, Nikolaenko’s lawyer, told the Milwaukee Journal Sentinel that so far, the charges against his client are only accusations.

“We’re prepared to present a rigorous defense,” he said.

“There are a number of ways they could be supporting themselves,” said Jiri Sejtko, head of virus research at the avast! Virus Lab. “The four most likely methods are through selling hacked space on infected servers, use of this malware to support the activities of other, more directly profitable malware, selling stolen credentials, or using keyloggers to spread other spam. But at this stage, it is more important for recognize this botnet than uncover its business plan.”

Kroxxu focuses exclusively on stealing FTP passwords. Unlike the traditional botnet, Kroxxu’s expansion is entirely based on infected websites, not individual computers. Stolen passwords allow Kroxxu’s owners add a simple script tag to the original website content, making it possible to upload and modify files on infected servers and spread its net to other servers worldwide.

The avast! Virus Lab found that 985 PHP redirectors and 336 malware distributors placed in the infected sites had survived more than three months without any attention from the side of the site owners or administrators. Only the administrator or the owner of the hacked website is able to legally get rid of the infection.

Cecilia Malmström

Europe must build stronger defenses against cyber attacks and enforce harsher punishments against convicted hackers, the European Commission said yesterday.

According to AFP, the commission proposed a new regulation imposing a prison sentence of at least two years for using malicious software or stealing computer passwords to commit a crime. For more serious crimes committed by a criminal organization, the sentence would be at least five years, the commission said.

In an effort to boost cooperation between EU nations, the European Union’s executive arm also proposed to bolster and upgrade the European Network and Information Security Agency.

European Commissioner for Home Affairs Cecilia Malmström noted it is time for the commission to intensify its efforts against cyber crime.

“The proposals we are putting forward today are one important step, as we criminalize the creation and selling of malicious software and improve European police cooperation,” she was quoted as saying by AFP.

In the beginning of 2009, several EU states were the target of a botnet that infected the computers of armed forces in France, Germany and Britain, the commission said.

The Stuxnet worm attacking computers in Iran demonstrates that such threats are “enormous,” Malmström said.

After a six-day trial, the jury returned a guilty verdict against Bruce Raisley of Kansas City, Miss. Raisley was convicted of launching a malicious computer program designed to attack computers and websites.

According to court documents, Raisley formerly volunteered for Perverted Justice, an organization that worked with the Dateline NBC show “To Catch a Predator” to identify and bust pedophiles. After a falling out with the group and its founder Xavier Von Erck, Raisley became an outspoken critic of Perverted Justice and Von Erck.

Von Erck retaliated by posing online as an adult woman named “Holly” and began an online relationship with Raisley. Eventually, Raisley agreed to leave his wife for “Holly” and was photographed by a Perverted Justice volunteer waiting for “Holly” at the airport.

In 2006, Radar Magazine and Rolling Stone Magazine published articles that discussed “To Catch a Predator” and the techniques used by Perverted Justice and the show to trap pedophiles. Both articles discussed the episode between Raisley and Von Erck posing as “Holly.”

The two articles proved popular, and were later posted on various websites. As a result, Raisley came up with a plan to remove the articles from the sites. He developed a virus that spread over the Internet and infected approximately 100,000 computers across the world, creating a botnet to launch DDoS attacks against Rolling Stone, Radar and other media outlets.

The count Raisley was convicted on carries a statutory maximum sentence of 10 years in prison and a $250,000 fine, as well as restitution to the victims of his offense. Sentencing has been set for Jan. 7, 2011.