Apr 14, 2011 09:37 GMT

The FBI and US federal prosecutors have disabled a botnet of over 2 million infected computers and taken the unprecedented step of setting up sinkhole servers to keep it under control.

The FBI has seized five command and control (C&C) servers, as well as 29 domain names used by the Coreflood botnet to communicate with them.

The action was the result of a temporary restraining order (TRO) that also allows authorities to set up replacement servers to issue commands that temporarily stop botnet clients.

While the stop command combined with the seizures helps keep the botnet's authors from regaining control, it does not remove the malware from infected computers.

To tackle this issue, the Department of Justice, together with the FBI and volunteering ISPs, will notify the owners of the affected machines and help them remove the infection.
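The notification step depends on the sinkhole doing one more job besides answering callbacks with a stop command: recording which hosts still beacon to the seized domains, so that ISPs can map client addresses to subscribers. The following is an added example (not code from the article or from the FBI/DoJ operation) of that bookkeeping over a constructed log. It assumes a hypothetical sinkhole that writes one line per HTTP request as `<ISO timestamp> <client IP> <method> <path> <proto> host=<Host header>`; the domain names and IP addresses are placeholders, not the real Coreflood domains or victims.

```python
"""Build an ISP notification list from sinkhole callback logs (added example)."""
from datetime import datetime, timezone

# Constructed sample log lines from a hypothetical sinkhole; the client IPs come
# from the RFC 5737 documentation ranges and the domains are placeholders.
SAMPLE_LOG = """\
2011-04-13T10:01:02Z 203.0.113.7 GET /cgi/poll HTTP/1.1 host=cc-placeholder-1.example
2011-04-13T10:01:05Z 198.51.100.23 GET /cgi/poll HTTP/1.1 host=cc-placeholder-2.example
2011-04-13T10:03:40Z 203.0.113.7 GET /cgi/poll HTTP/1.1 host=cc-placeholder-1.example
2011-04-13T10:07:11Z 192.0.2.9 GET / HTTP/1.1 host=unrelated.example
2011-04-13T11:15:00Z 203.0.113.7 GET /cgi/poll HTTP/1.1 host=cc-placeholder-3.example
"""

# Hypothetical set of seized C&C domains that now resolve to the sinkhole.
SINKHOLED_DOMAINS = frozenset({
    "cc-placeholder-1.example",
    "cc-placeholder-2.example",
    "cc-placeholder-3.example",
})


def parse_line(line):
    """Return (timestamp, client_ip, host) for one log line, or None if malformed."""
    parts = line.split()
    if len(parts) != 6 or not parts[5].startswith("host="):
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    return ts, parts[1], parts[5][len("host="):].lower()


def infected_hosts(log_text, sinkholed=SINKHOLED_DOMAINS):
    """Aggregate callbacks to seized domains by client IP.

    Only requests whose Host header names a seized domain count as evidence of
    infection; unrelated traffic that happens to reach the sinkhole is ignored.
    Returns {ip: {"first_seen", "last_seen", "callbacks", "domains"}}.
    """
    seen = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, host = rec
        if host not in sinkholed:
            continue
        entry = seen.setdefault(
            ip, {"first_seen": ts, "last_seen": ts, "callbacks": 0, "domains": set()}
        )
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["last_seen"] = max(entry["last_seen"], ts)
        entry["callbacks"] += 1
        entry["domains"].add(host)
    return seen


def notification_report(hosts):
    """One line per infected client, in the form an ISP could use to look up the subscriber."""
    rows = []
    for ip in sorted(hosts):
        e = hosts[ip]
        rows.append(
            f"{ip} callbacks={e['callbacks']} first={e['first_seen'].isoformat()} "
            f"last={e['last_seen'].isoformat()} domains={','.join(sorted(e['domains']))}"
        )
    return rows


if __name__ == "__main__":
    for row in notification_report(infected_hosts(SAMPLE_LOG)):
        print(row)
```

The report only proves that a client beaconed to a seized domain; as the article notes, the stop command halts the bot but does not remove it, so a host that stops appearing in later logs has not necessarily been cleaned, only quieted.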

The DoJ notes that identified owners will also be given the right to opt out of the TRO and keep the malware running on their computers if they so wish.

It's worth noting that this enforcement action will only be performed for infected computers located in the United States. This means that a good number of Coreflood victims will remain infected.

"Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," said Shawn Henry, Executive Assistant Director of the FBI’s Criminal, Cyber, Response and Services Branch.

"These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure," he added.

Authorities collaborated with private industry partners such as Microsoft and the Internet Systems Consortium (ISC). A civil complaint was filed against 13 unnamed defendants who are accused of running the botnet and engaging in wire fraud, bank fraud and illegal interception of electronic communications.

Coreflood was one of the oldest botnets still in operation, dating back to 2002. It infected a total of 2.3 million computers and from March 2009 to February 2010 alone it stole 190 GB of sensitive data including online banking passwords.