🖤 Donations of all sizes power our public service journalism Give Now

Feds uninstalling Coreflood

John Moe Apr 27, 2011

A couple weeks ago we told you about how the Department of Justice had taken over the command and control function on the massive Coreflood botnet. So the zillions of computers carrying out its nefarious bidding (unbeknownst to the computers’ doe-eyed owners) were being neutralized by the Feds. Now the clean up portion of the operation has begun. Owners of computers identified by the DOJ as being part of the Coreflood botnet can submit an application to the FBI to have their computers debugged by the government.

Meanwhile, federal control has severely hampered Coreflood, at least according to DOJ’s own figures:

When authorities executed the server swap the evening of April 12, the response was immediate. According to the documents, on April 13, nearly 800,000 beacons came into the decoy servers from infected machines in the US. But the next day, the number of beacons had dropped to about 680,000, and steadily declined over the week.

The most drastic decline, however, occurred on April 16, a Saturday, when the number of beacons numbered fewer than 150,000. Although the number jumped to about 210,000 on Monday–likely because some users shut down their computers for the weekend then turned them on again on Monday, relaunching the Coreflood malware–the numbers have continued to decline since that day. On April 22, the last date for which data is available, the number of beacons hovered at around 90,000.

There’s a lot happening in the world.  Through it all, Marketplace is here for you. 

You rely on Marketplace to break down the world’s events and tell you how it affects you in a fact-based, approachable way. We rely on your financial support to keep making that possible. 

Your donation today powers the independent journalism that you rely on. For just $5/month, you can help sustain Marketplace so we can keep reporting on the things that matter to you.