DOJ Gets Court Permission To Attack Botnet
itwbennett writes "In an unprecedented move, the Department of Justice (DOJ) and the FBI have been issued a temporary restraining order that will allow the FBI and the US Marshal for the District of Connecticut to set up servers at the Internet Systems Consortium or other ISPs that would stop infected computers from continuing to spread the Coreflood virus, according to court records. This week, the DOJ and FBI seized five servers that controlled Coreflood-infected computers, the DOJ said in a press release. The agencies also seized 29 domain names used by the Coreflood botnet to communicate with the servers."
This is a total waste of time.
Half the ones they seize are innocent bystanders. The rest are replaced for $16 bucks at some sleazy registrar. Probably most are simply decoys and the ones of real importance are out of country.
Perhaps the Defense contractor whined, and that finally got the Fed's attention, but it seems to me that various private initiatives (like those by Microsoft and others) have been way out ahead of this.
Why not audit that Defense Contractor's IT procedures and practices? A botnet owning one of their boxes? Seriously?
I haven't found the order itself, but the request is here
If that's what they were granted, it looks remarkably restrained. It actually specifies the servers in question (it's not just a blanket "We get to grab anything we claim is a C&C server, now or in the future").
The part the article seems to be going on about is "A permanent injunction that requires the Defendants to uninstall Coreflood on any computers not owned by the Defendants and authorizes the operation of a substitute command and control server to give effect to the Court's orders;" This is pretty radical, in that it lets the FBI operate the botnet at least in so far as to shut it down. But it doesn't give them any authority over computers which aren't already infected.
OMG, the gub'ment is taking down botnet servers illegally controlling millions of PCs!
Seriously, I'm all for hating on government control, but is what they're doing in this instance so egregious?
Yes, in a way we CAN blame it on the government, because it ultimately comes down to "can you baby-proof the world?". Because as someone who cleans these things for a living I can tell you a good 90% of infections are from users being dumbasses and NOTHING else. Example follows:
Last week a customer needed to pay me for a cleaning on a machine I built him nearly a month ago. Did I leave him unprotected? Did I not harden the machine? NOPE, total PEBKAC. When the AV practically threw itself in front of him trying to install the "new Limewire", a hacked Limewire ripoff, he uninstalled it so it would "shut up" and let him have his bugs. Well, he got it alright, more than 60 bugs running.
Now the ONLY way the government can have ANY effect on that level of stupid is to take away all our rights to run what we want and give us basically "approved disc images" or locked down OSes with app store style "choice" as to what you run.
Because let's be honest folks: the government can shut down botnets until the cows come home, but from THAT level of stupid, as shown above? Hell, they might as well be pissin' in the wind for all the good it will do. I mean, how can you even attempt to stop something when all they have to do is print the equivalent of "free candy" on the side to get morons to ignore their AV and everything else just so they can install malware onto their own machines? Short of baby-proofing the world, how can you stop super stupidity without taking choice?