http://www.reuters.com/article/2011/...28985620110413

UPDATE 2-U.S. shuts down massive cyber theft ring

4:00pm EDT
Wed Apr 13, 2011 6:54pm EDT
* Coreflood infected more than 2 million computers

* Gang likely based in Russia -- expert

* Second cyber crime takedown in two months (Adds additional comment from Paller on where gang is from and where infected computers are, background on March takedown)

By Diane Bartz and Jim Finkle

WASHINGTON/BOSTON, April 13 (Reuters) - U.S. authorities claimed one of their biggest victories against cyber crime as they shut down a ring they said used malicious software to take control of more than 2 million PCs around the world, and may have led to theft of more than $100 million.

A computer virus, dubbed Coreflood, infected more than 2 million PCs, enslaving them into a "botnet" that grabbed banking credentials and other sensitive data its masters used to steal funds via fraudulent banking and wire transactions, the U.S. Department of Justice said on Wednesday.

The government shuttered that botnet, which had operated for a decade, by seizing hard drives used to run it after a federal court in Connecticut gave the go-ahead.

"This was big money stolen on a large scale by foreign criminals. The FBI wanted to stop it and they did an incredibly good job at it," said Alan Paller, director of research at the SAN Institute, a nonprofit group that helps fight cyber crime.

The vast majority of the infected machines were in the United States, but the criminal gang was likely overseas.

"We're pretty sure a Russian crime group was behind it," said Paller.

Paller and other security experts said it was hard to know how much money the gang stole. It could easily be tens of millions of dollars and could go above $100 million, said Dave Marcus, McAfee Labs research and communications director.