Last week the Department of Justice announced what it described as the most comprehensive action in its history to bring down an international botnet. Active for over 10 years, the botnet was a network of over 2 million computers infected with a malicious software program known as Coreflood. Coreflood is a keylogging program that steals usernames, passwords and other personal and financial information for a variety of criminal purposes, including stealing funds from compromised bank accounts.

The court filings in the civil suit against the operators list several sizable corporate account takeover and fraud incidents directly attributed to Coreflood:

  • $115,771 in fraudulent wire transfers from a real estate company in Michigan
  • $78,421 in fraudulent wire transfers from a law firm in South Carolina
  • $151,201 in fraudulent wire transfers from an investment company in North Carolina
  • $241,866 in fraudulent wire transfers from a defense contractor in Tennessee

Attacks like these put banks and their customers in a lose-lose situation, and they permanently damage the relationship between a business and its bank. What is really concerning is that with 2 million computers infected, no one knows how much additional damage is still waiting for financial institutions and their account holders.

For the consumers and businesses whose credentials have already been stolen, it is too late for anti-virus software or secure browsing practices to protect them. These retail and commercial account holders will have to rely on their own diligence and on the proactive fraud prevention efforts of their financial institution to keep their money safe.

This serves as a reminder for banks and credit unions of all sizes to assume the endpoint is compromised and to build their fraud prevention strategies accordingly. While they can hope for the best (that those stolen credentials will never be used), institutions should prepare for the worst.