Federal Bureau of Investigation and the U.S. Attorney General's Office win National Cybersecurity Innovation Award

The Coreflood botnet Takedown - Creative and proactive steps making the Internet more secure.

Gordon Snow, Assistant Director of the Federal Bureau of Investigation receives a National Cybersecurity Innovation Award with White House Cyber Coordinator, Howard Schmidt at the National Cybersecurity Innovation Conference in Washington DC.

WASHINGTON DC, November 3, 2011

The SANS Institute announced today that the Federal Bureau of Investigation and the U.S. Attorney General's Office have won the 2011 U.S. National Cybersecurity Innovation Award for their innovative techniques in cyber law enforcement using the computer virus' own command and control system to disable the malicious software.

Coreflood, the latest botnet, allowed compromised PCs to be accessed by attackers, enabling them to steal sensitive personal data such as passwords, usernames, and financial information for use in a variety of criminal purposes including stealing funds. Once the computer is infected it can be controlled remotely from another computer, known as a command & control (C&C) server. The Coreflood botnet is believed to have been in operation for nearly a decade and has infected more than 2.3 million computers worldwide, 80% within the United States.

A temporary restraining order put in place by the FBI and its partners allowed authorities to seize five C&C servers that remotely controlled hundreds of thousands of infected computers. These servers were swapped out and replaced with substitute C&C servers run by the government to prevent Coreflood from causing further injury to owners and users of infected computers.

The restraining order also has allowed the government to respond to requests from infected computers with a command to disable the malware. This stops the attackers controlling the botnet from introducing different versions of the Coreflood malware onto the infected computers. In addition authorities will alert the user's Internet service provider and ask the service provider to contact the user recommending they install antivirus software to eliminate the infection.

The FBI and the Attorney General's Office have taken steps that are the first of their kind and used those steps to mitigate the threats posed by the Coreflood botnet. Thus are the winners of the 2011 National Cybersecurity Innovation Award for deploying innovative techniques in cyber law enforcement which have resulted in large scale risk reductions to make the internet more secure.

About the National Cybersecurity Innovation Awards

The National Cybersecurity Innovation Awards recognize developments undertaken by companies and government agencies that have developed and deployed innovative processes or technologies that (1) is innovative in that it has not been deployed effectively before, (2) can show a significant impact on reducing cyber risk, (3) can be scaled quickly to serve large numbers of people, and (4) should be adopted quickly by many other organizations. Nominators for the include most of the senior government officials involved with cybersecurity as well as those from the major Cybersecurity Information Sharing and Analysis Centers (ISACs). Corporations and individuals, including SANS instructors also nominated innovations. Each nomination was tested by SANS research department against the criteria; those that met *all* four were recognized. More than 50 nominations were received; 14 were selected.

Contact Information:
Alan Paller, apaller@sans.org, (301) 951-0102 x108

About SANS

Established in 1989 as a cooperative research and education organization, SANS' programs reach more than 400,000 security professionals, auditors, system administrators, and network administrators who share the lessons they are learning and jointly find solutions to the challenges they face. At the heart of SANS are the many security practitioners in government agencies, corporations and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community. (www.sans.org)

****