U.S. Government to Remotely Uninstall Coreflood Trojan from Infected Machines
Over the course of the next four weeks, the U.S. Department of Justice will put into effect an initiative to remotely uninstall the Coreflood botnet Trojan from infected Windows PCs. The way it will go down is the DOJ will identify owners of infected rigs and then submit an authorization form to the FBI. It's the latest step in an effort to stomp out the botnet that's managed to seize control of some 2 million PCs.
According to ComputerWorld, the DOJ and FBI convinced a judge to grant them a restraining order to seize five command-and-control (C&C) servers that managed Coreflood. The unprecedented decision has led to Coreflood being reduced by 90 percent in the U.S., and 75 percent in other countries.
"Additional time is needed, however, both to allow more antivirus vendors to release virus signatures for Coreflood and to complete the process of notifying Coreflood victims," the DOJ said in a memorandum filed Saturday.
That request was also granted, and in the meantime, the government will uninstall Coreflood from identified victims' PCs who provide written consent.
Comments
Keith E. Whisman
April 27, 2011 at 11:13pm
Sounds like Skynet and Judgement day. Cyberdyne corp isn't involved in this, are they? G-D all we need is a killer robot that is a dead ringer for Schwarzenegger to suddenly appear naked from the future to kill us all.
aarcane
April 27, 2011 at 10:43pm
Why not just repurpose the controllers to instruct the infected machines to clean themselves?
Eoraptor
April 27, 2011 at 10:39am
Yeah... Big Brother schtuff going on here. It's great that the DOJ took out the brain of the network (or at least a major chunk thereof) and stopped an evile botnet from engaging in further illegal activities...
But I am not about to let a government entity have any kind of access to my machine, for any reason, without a signed paper warrant. I don't care if they send me a nice letter asking politely to please let them do me a service, there have already been far too many issues of real intrusions by overzealous agents acting under Bush's incarnation of the Patriot Act. (Remember warrantless wiretaps? Or the guy who went to federal prison on a kiddie porn rap for having anime on his PC?)
No thank you, I'll deal with it myself. I have a healthy distrust of our bought and paid for government, and if that makes me sound like a Conspiracy Theorist, send me my tin foil hat then.
Jims45wow
May 01, 2011 at 9:45pm
The Evil Patriot Act was set to expire, then, it had even more intrusive language placed in it and was rammed through the Democratic House and Senate, then Signed by the Big O. No media coverage on that? Surprise! Who's the daddy now?
someuid
April 27, 2011 at 10:09am
While I'm glad the FBI is taking down these kinds of networks, cleaning up remote code doesn't really seem to be in line with their mission objectives.
The FBI is great for investigating crime, but not at cleaning up after it. That should be the responsibility of someone else more qualified in managing information systems, like a computer emergency response center, ISPs, end users, computer repair techs, etc.
TommM
April 27, 2011 at 9:30am
Heh...be interesting to see how they approach the infected PC owners. If I got an e-mail that said, "THIS IS THE FBI AND WE WANT ACCESS TO YOUR MACHINE TO REMOVE A VIRUS." That would be an auto-delete e-mail.
Danthrax66
April 27, 2011 at 10:21am
You are assuming they are going to ask for permission. More likely they will mimic the home server of the botnet and send trojan code that it will execute and kill itself. Or at least that is how I would do it.
TommM
April 27, 2011 at 10:34am
Straight out of the article:
"...the government will uninstall Coreflood from identified victims' PCs who provide written consent."
Can't provide written consent if you haven't been contacted. ;)