Skip to main content

Feds to remotely delete Coreflood from infected PCs

Image used with permission by copyright holder

In an unusual move, federal authorities will be contacting computer users with systems infected by the Coreflood botnet Trojan and asking them to agree to allow them to send commands to the malware so it will delete itself. The move comes in the in the wake of a coordinated takedown earlier this month by the FBI and other authorities, in which the U.S. government essentially substituted its own command-and-control servers in place of those used by Coreflood and issued commands telling the program to shut down on infected PCs. The move reduced activity from the Coreflood botnet by about 90 percent in the United States and by nearly 75 percent worldwide. However, infected PCs still have dormant Coreflood software on them, and the feds would like to get rid of it.

A U.S. District Judge approved the Department of Justice’s request for a preliminary injunction that authorizes the action, giving authorities until May 25 to contact owners of systems infected by Coreflood and obtain consent to remotely remove it from their machines. However, the DOJ actually argued it didn’t need a judge’s permission to move on its deletion campaign, since it will be seeking written consent from owners of infected systems before going through with the deletion.

Recommended Videos

“Based upon technical evaluation and testing, the Government assesses that the command sent to the Coreflood software to stop running will not cause any damage to the victim computers on which the Coreflood software is present, nor will it allow the Government to examine or copy the contents of the victim computers in any fashion,” the Department of Justice wrote in its request. However, the government also notes there are no guarantees, and that the uninstall process might have unexpected effects.

Federal authorities have not specified how many machines it has identified as candidates for a remote wipe of Coreflood. Industry estimates of the size of the Coreflood botnet at the time of its takedown were between 2 million and 2.5 million systems.

The DOJ argues that removing Coreflood quickly from infected systems is important, as new variants of Coreflood are already appearing, increasing the probability that new malware will be able to evade detection, removal tools, or re-capture now-dormant machines. The FBI says in many cases it has already identified infected computers by IP address and identified possible owners based on that information.

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Microsoft Edge just got a new way to protect your privacy
Microsoft Edge Secure Network graphic.

Microsoft Edge just got even more secure. After a tease a few weeks ago, Microsoft has just officially announced the availability of Edge Secure Network, the new built-in VPN feature for the Microsoft Edge browser.

Though still in an experimental stage with a small audience using the Canary version of the browser, Microsoft hopes this feature can provide extra peace of mind when using Edge on unsecured networks. As with most other VPN services, this built-in Secure Network can mask your device's IP address, encrypt your data, and route it through a secure network that's geographically co-located.  This will make it harder for hackers and others with bad intent to see your true location. The company that provides your internet also won't be able to collect your browsing data for ads.

Read more
Destructive hacking group REvil could be back from the dead
Person typing on a computer keyboard.

There was a period in 2021 when the computing world was gripped by fear of a dizzyingly effective hacking group fittingly named REvil -- until its website was seized by the FBI and its members arrested by Russia’s security services, that is. Yet like a malevolent curse that just can’t be dispelled, it now seems the group’s websites are back online. Has the group returned to spread discord and wreak havoc once again?

In case you missed them the first time around, REvil came to global attention by hacking into various high-profile targets, pilfering secret documents, then threatening their release unless a ransom was paid. In a notable case, the group stole and published files from Apple supplier Quanta Computer, including some that spilled the beans on unreleased product designs.

Read more
How to stop your emails from being tracked, and preserve your privacy
Woman Checking Her Email

Did you know that opening an email can send a world of information back to its sender? It can. Including when you opened it, how many times you opened it, where you were when you opened it, and much more. Like Apple iMessage and Facebook Messenger receipts, emails can share detailed information about when a recipient views a message and their actions. If you want to keep your email private, follow this guide on keeping your emails from being tracked.

If you are considering how to keep your online life secure, be sure to check out our article on how to make a disposable email address and stay safe around the web.
How are emails tracked?
Pixels are one of the most popular ways to track an email. A small image, the size of a single pixel, is often attached to the email's end. When your email client loads the picture, your email service must retrieve it from the sending server; this server can then log when your email service loaded the image to understand when (and if) you opened the email. Additional information, such as your IP address, can alert the server to where you were located when you opened the email.

Read more