In an unusual move, federal authorities will be contacting computer users with systems infected by the Coreflood botnet Trojan and asking them to agree to allow them to send commands to the malware so it will delete itself. The move comes in the in the wake of a coordinated takedown earlier this month by the FBI and other authorities, in which the U.S. government essentially substituted its own command-and-control servers in place of those used by Coreflood and issued commands telling the program to shut down on infected PCs. The move reduced activity from the Coreflood botnet by about 90 percent in the United States and by nearly 75 percent worldwide. However, infected PCs still have dormant Coreflood software on them, and the feds would like to get rid of it.
A U.S. District Judge approved the Department of Justice’s request for a preliminary injunction that authorizes the action, giving authorities until May 25 to contact owners of systems infected by Coreflood and obtain consent to remotely remove it from their machines. However, the DOJ actually argued it didn’t need a judge’s permission to move on its deletion campaign, since it will be seeking written consent from owners of infected systems before going through with the deletion.
“Based upon technical evaluation and testing, the Government assesses that the command sent to the Coreflood software to stop running will not cause any damage to the victim computers on which the Coreflood software is present, nor will it allow the Government to examine or copy the contents of the victim computers in any fashion,” the Department of Justice wrote in its request. However, the government also notes there are no guarantees, and that the uninstall process might have unexpected effects.
Federal authorities have not specified how many machines it has identified as candidates for a remote wipe of Coreflood. Industry estimates of the size of the Coreflood botnet at the time of its takedown were between 2 million and 2.5 million systems.
The DOJ argues that removing Coreflood quickly from infected systems is important, as new variants of Coreflood are already appearing, increasing the probability that new malware will be able to evade detection, removal tools, or re-capture now-dormant machines. The FBI says in many cases it has already identified infected computers by IP address and identified possible owners based on that information.
Yea can't they just provide the users explicit instructions on how to remove the trojan themselves…?
Its not that hard to do…
Myself Id sooner format/reinstall windows than allow the Feds full access to my machines.
I am sure silly windows sheep who got infected wouldn't mind feds poking around. Sad and funny.
"The nine most terrifying words in the English language are: 'I'm from the government and I'm here to help.'" – Ronald Reagan.
If you were lax in protecting your computer before, this might be REALLY good incentive to get on it. I'm not sure which is more frightening – a hacker or the FBI having access and wanting to delete stuff.
Sure. Access my system. Get all of my personal stuff while your at it!
Drive Wipe: gutman
Trust issues here…
should I be happy or scared if the FBI contacts me for this?
So when the "FBI" contacts me (through email or Facebook or…) I should grant them full permission to scan my computer and delete whatever they deem necessary?
What could possibly go wrong with that scenario?
haha exactly. Talk about being down right spooky. I am not letting the feds touch my system!
i agree i would never want the feds on my computer they would see everything memories photos cookies history and porn witch i dont know about you i'm not to happy about