Coreflood, which was active since 2001 it has been able to be detected by ESET security products and identified as Win32/Afcore. Statistics show that very high Coreflood activity between 2007 and 2009, then peaking dramatically in late 2008. Post-2009 Coreflood fluctuating activity with moderate intensity.
Coreflood is classified as very dangerous malware which is capable of recording keystrokes and personal communication on Microsoft Windows based computers. When attacked Coreflood computer, then immediately the victim's computer can be controlled remotely by other computers, known as command and control (C & C) server.
Until now the U.S. Government has secured the perpetrators of the following C & C server, and a series of domain names that are used for crime. This was done primarily so that the new version of Coreflood is not increased and did not spread to the victim's computer.
Computers have been infected with Coreflood and then controlled remotely known as "bots", or the abbreviation of the word "robot" From the information that was obtained by a network of infected computers, known as Coreflood Coreflood botnet, and is believed to have been entrenched for nearly a decade and has infects more than two million computers worldwide.
Coreflood has the ability to steal usernames, passwords, personal information and even financial information. Further information is then used to commit a crime, which drain the contents of the account in question.
One of the successful cases revealed, by the local authorities explained that, in the conduct of the workings Coreflood first action is to monitor communications made via the Internet between banks and customers, then Coreflood used as a medium to take over online banking transactions and the result is done transfer funds to an unknown account.
In situations where the C & C server is not responding, Coreflood malware that already exist will continue to work on the victim's computer, collect personal and account information.
"The important thing for the user is to ensure computer security applications installed and able to work well. Keep security software is always updated, and has an outstanding detection abilities, so that they can take precautions, because of malware attacks could be prevented even from the malware that will be entered into the computer, "said Yudhi Strong, Technical Consultant-PT Prosperita ESET Indonesia.
