The gang also used computer hosting services of unwitting Internet providers in New York, New Jersey, Pennsylvania, Massachusetts, Virginia, Florida, Arizona, Nevada, California, Oregon, and Washington.
Often the command sent was to search for words on the infected computers that indicated banking or credit-card information – and send it along. But just as often, Coreflood was instructed to send it all – giving the botnet a voracious appetite for all kinds of data. Its enormous, nonselective appetite for data may have been its undoing.
On April 12, a US District Court judge in Connecticut granted a temporary restraining order against 13 “John Doe” defendants – the alleged members of the Russian cybergang. The court gave the FBI permission to take the unprecedented step of sending an electronic “pause” command to all US-based Coreflood-infected computers – machines whose owners had no idea their computers were being controlled by a Russian gang.