Feds to Remove Coreflood Botnet from PCs Remotely

Thursday, April 28, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

Is your PC part of the massive Coreflood botnet? Well, the federal government would like your permission to kick your computer out of the brood.

In an unprecedented move, the Department of Justice has sought a preliminary injunction in U.S. District Court that will allow the agency to issue instructions to systems infected by the Coreflood botnet that will cause the malware to delete itself.

The DoJ will accomplish the de-zombification task by way of the temporary command and control servers the Feds established as part of the operation that took down the Coreflood botnet, one of the largest such networks in the world.

Coreflood is thought to have infected more than two million PCs, and the DoJ wants to waste no time in making sure the beast is taken out of commission permanently.

"The DOJ argues that removing Coreflood quickly from infected systems is important, as new variants of Coreflood are already appearing, increasing the probability that new malware will be able to evade detection, removal tools, or re-capture now-dormant machines. The FBI says in many cases it has already identified infected computers by IP address and identified possible owners based on that information."

The injunction gives the DoJ until May 25 to contact the owners of the infected PCs and receive permission to administer the decommissioning plan.

The government's action will be limited to disabling the Coreflood botnet code on the infected devices, and assurances have been offered that the process will not harm hardware or allow for the collection of data from the infected machines.

"Based upon technical evaluation and testing, the Government assesses that the command sent to the Coreflood software to stop running will not cause any damage to the victim computers on which the Coreflood software is present, nor will it allow the Government to examine or copy the contents of the victim computers in any fashion."

The government is using IP addresses seized in the Coreflood take-down to identify potential victims of the botnet, and they estimate that the mass-erasure operation could diminish the botnet's herd by as much as seventy-five percent worldwide.

Source:  http://news.yahoo.com/s/digitaltrends/20110427/tc_digitaltrends/fedstoremotelydeletecorefloodfrominfectedpcs

Possibly Related Articles:
14319
Viruses & Malware
malware Botnets Government Remote Access Headlines PC IP Address DOJ Coreflood
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.