The Department of Justice in a court filing Wednesday in New Haven District Court announced an unprecedented “reverse hack” to remove a password-stealing computer virus from more than 2.3 million infected computers worldwide.

The virus, known as Coreflood, exploits vulnerable, unpatched Windows systems. Once infected, the victim’s computer establishes a connection to a remote server and also attempts to infect other PCs on its local area network. The virus operates in the background, so victims don’t know their computer is infected. This is what makes it so dangerous.

Coreflood records every keystroke of the infected machine, transmitting personal information such as user names, passwords, and the contents of emails and documents back to the main virus server for analysis by criminals who can then gain access to the victim’s bank and email accounts. 

The criminals operating the server maintain control over the infected PCs, regularly sending updates that prevent detection by anti-virus software as well as frequent changes to the “phone home” address to throw law enforcement off the trail. Often, the computers operating the central virus servers are themselves hacked machines. The collection of infected machines and their virtual handlers is known as a “botnet.” In its filing, the Department of Justice says the unknown perpetrators and their co-conspirators are believed to be foreign nationals operating outside the U.S.

Among the victims listed in the complaint is a defense contractor who lost more than $240,000 via fraudulent wire transfers.

Today’s court ruling gives the government the authority to intercept traffic from the infected machines by impersonating the central virus servers. The replacement machines will issue a reply code that suspends the virus temporarily. The approximately 1.8 million infected users in the United States will be contacted with instructions on how to permanently remove the virus. The government says that any personal information sent from infected machines to its servers will be discarded.

“These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure,” said Shawn Henry, Executive Assistant Director of the FBI’s Criminal, Cyber, Response and Services Branch.

Despite yesterday’s interception, security experts estimate that other botnets continue to control millions of infected computers worldwide. The best defense against infection is keeping computers up to date with the latest security patches and with current anti-malware and anti-virus software. Microsoft now provides this protective software for free.

Feds Take Down ‘Botnet’

Lon Seidman is the host and producer of “Lon.TV,” a consumer technology video show that is on a number of platforms including YouTube and Amazon. He creates in-depth, consumer-friendly product reviews and commentary. His YouTube channel has over 300,000 subscribers and more than 100 million views.

In addition to being a full-time content creator, Lon is an adjunct faculty member at the University of Hartford (his alma mater) where he teaches a course in entrepreneurial content creation.

Prior to becoming a full-time creator, Lon was a partner at The Safety Zone, his family’s business that manufactures gloves and safety equipment. The company has locations around the globe and employs over 200 people worldwide. The Safety Zone was acquired by the Genuine Parts Corporation in 2016.

Lon is also active in public service, serving as the Chairman of the Essex Board of Education, a member of the Region 4 Board of Education, and as the Secretary / Treasurer of the Connecticut Association of Boards of Education. He was endorsed by both Democrats and Republicans for his re-election in 2021.

The views, opinions, positions, or strategies expressed by the author are theirs alone, and do not necessarily reflect the views, opinions, or positions of