Reduce Your Risk of Coreflood Trojan Infection

John Storts

Often, software flaws or weaknesses get the lion's share of the blame when malware infects and spreads throughout a network. But that's not the whole story.


While cyber criminals prey upon vulnerabilities in software programs, many exploit the "natural" structure of Windows networks to compromise and steal data, such as those who use the Coreflood Trojan botnet.


Cyber criminals use infected websites to spread the malware; once a machine is infected, the malware lies dormant until a system administrator logs in.


Once an administrator has logged in, Coreflood uses a legitimate Windows program (PsExec), or a custom program with the same capabilities, to roam the network in search of new victims.


Home network users aren't immune, but Coreflood mostly targets large organizational networks. According to US-CERT, organizations can diagnose possible infections by using these indicators:

  • Unusual admin usage
  • Log files in the Local Settings folder that identify propagation attempts (successful or not)
  • Intrusion detection alerts referencing malware POST activity
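One way to operationalize the first indicator, "unusual admin usage", is to baseline which machines each privileged account normally logs on to and then flag two things: logons to machines outside that baseline, and one account fanning out to many machines within a short window, which is the footprint a PsExec-style spread leaves in logon records. The Python script below is an added example written for this post, not code from the original article or from US-CERT; the sample logon records, account names, host names, baseline and thresholds are all constructed assumptions to be tuned against your own environment.

```python
"""Flag unusual admin-account usage in Windows logon records.

Added example, not from the original post or US-CERT. Every value below
(accounts, hosts, baseline, thresholds, sample records) is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ADMIN_ACCOUNTS = {"admin_ops", "svc_backup"}   # assumed privileged accounts
BASELINE_HOSTS = {                              # constructed "normal" hosts per account
    "admin_ops": {"DC01", "FILESRV01"},
    "svc_backup": {"FILESRV01"},
}
# Windows logon types that indicate access from another machine:
# 3 = network, 10 = remote interactive. Type 2 is a local console logon.
REMOTE_LOGON_TYPES = {3, 10}

# Constructed sample: one successful logon per line, roughly the fields a
# SIEM extracts from event 4624: "ISO-time account<TAB>host<TAB>logon-type".
SAMPLE_LOGONS = """\
2011-04-12T08:01:00 svc_backup\tFILESRV01\t3
2011-04-12T08:03:00 jdoe\tWS-0412\t2
2011-04-12T09:15:00 admin_ops\tWS-0412\t10
2011-04-12T09:16:30 admin_ops\tWS-0417\t3
2011-04-12T09:17:10 admin_ops\tWS-0420\t3
2011-04-12T09:18:05 admin_ops\tWS-0433\t3
2011-04-12T09:19:40 admin_ops\tFILESRV01\t3
2011-04-13T10:00:00 admin_ops\tDC01\t10
"""


def parse_logons(text):
    """Parse the tab-separated sample format into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, rest = line.split(" ", 1)
        account, host, logon_type = rest.split("\t")
        records.append({
            "time": datetime.fromisoformat(stamp),
            "account": account,
            "host": host,
            "logon_type": int(logon_type),
        })
    return records


def find_fan_out(records, admin_accounts=ADMIN_ACCOUNTS,
                 window=timedelta(minutes=10), max_hosts=3):
    """Return {account: (window_start, sorted_hosts)} for admin accounts whose
    remote logons reach more than max_hosts distinct machines inside one
    sliding time window. The widest window per account is reported."""
    by_account = defaultdict(list)
    for r in records:
        if r["account"] in admin_accounts and r["logon_type"] in REMOTE_LOGON_TYPES:
            by_account[r["account"]].append(r)

    hits = {}
    for account, events in by_account.items():
        events.sort(key=lambda r: r["time"])
        best = None
        for i, start in enumerate(events):
            hosts = set()
            for ev in events[i:]:           # events are sorted, so stop at window end
                if ev["time"] - start["time"] > window:
                    break
                hosts.add(ev["host"])
            if len(hosts) > max_hosts and (best is None or len(hosts) > len(best[1])):
                best = (start["time"], sorted(hosts))
        if best is not None:
            hits[account] = best
    return hits


def find_new_hosts(records, baseline=BASELINE_HOSTS):
    """Return {account: sorted_hosts} for logons to machines absent from that
    account's baseline. Accounts with no baseline entry are skipped."""
    unseen = defaultdict(set)
    for r in records:
        known = baseline.get(r["account"])
        if known is not None and r["host"] not in known:
            unseen[r["account"]].add(r["host"])
    return {account: sorted(hosts) for account, hosts in unseen.items()}


if __name__ == "__main__":
    logons = parse_logons(SAMPLE_LOGONS)
    for account, (start, hosts) in find_fan_out(logons).items():
        print(f"fan-out: {account} reached {len(hosts)} hosts from {start}: {hosts}")
    for account, hosts in find_new_hosts(logons).items():
        print(f"off-baseline hosts for {account}: {hosts}")
```

Run against the constructed sample, the script flags `admin_ops` on both counts: five distinct machines inside ten minutes, four of them outside that account's baseline. In practice the baseline comes from several weeks of real 4624 events, and the window and host-count thresholds are set from how your own administrators actually work, so that scheduled maintenance does not trip the rule.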


Download US-CERT's detailed, to-the-point recommendations for minimizing or preventing Coreflood infections, including tactical and strategic mitigations, available on IT Business Edge.
