Slashdot Mirror


Feds To Remotely Uninstall Bot From Some PCs

CWmike writes "Federal authorities will remotely uninstall the Coreflood botnet Trojan from some infected Windows PCs over the next four weeks. Coreflood will be removed from infected computers only when the owners have been identified by the DOJ and they have submitted an authorization form to the FBI. The DOJ's plan to uninstall Coreflood is the latest step in a coordinated campaign to cripple the botnet, which controls more than 2 million compromised computers. The remote wipe move will require consent, and the action does come with warnings from the court that provided the injunction against the botnet, however. 'While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers,' the authorization form reads. FBI Special Agent Briana Neumiller said, 'The process does not affect any user files on an infected computer, nor does it ... access any data on the infected computer.' The DOJ and FBI did not say how many machines it has identified as candidates for its uninstall strategy, but told the judge that FBI field offices would be notifying affected people, companies and organizations."

211 comments

  1. That's ok by Dunbal · · Score: 1

    If it damages my system I'll just re-install from a back-up image I made. Oh wait...

    --
    Seven puppies were harmed during the making of this post.
    1. Re:That's ok by Samantha Wright · · Score: 2

      I'd be more worried about, you know, the owners of the botnet reading this article and taking preventative action? I mean, if it's already too late for that (which past articles assert, it is), then it's not really "crippling", is it?

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    2. Re:That's ok by Anonymous Coward · · Score: 0

      Which operating system was this again?

    3. Re:That's ok by hellkyng · · Score: 5, Insightful

      The botnet owners can't take preventative action against the uninstall because they don't have valid Command and Control servers running. Since the FBI is controlling those at the moment, the individual bots are hanging in limbo doing nothing. If however the malware is actively looking for new C&C servers to be spun up to receive commands again, there is the potential that the FBI could lose control again. Hence why it is necessary to remove the infection while they maintain control, and only one step in their strategy to cripple the botnet.

    4. Re:That's ok by cosm · · Score: 2

      Which operating system was this again?

      EvolutionSoft PEBCAC 2011

      --
      'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    5. Re:That's ok by Anonymous Coward · · Score: 0

      Windows then? Microsoft still using the same responsibility-deflecting script?

    6. Re:That's ok by Em Adespoton · · Score: 1

      Being the FBI, wouldn't they start by identifying all bots NOT within the US, and uninstalling those ones? After all, that can come under the purview of protecting the Federation from foreign attack on American soil, and nobody's going to be able to sue them about it. As long as they avoid big multinational corporations, this would be a no-brainer move.

      After this, ALL botnet activity would be fully within the US, so they'd have other tools to work with to help mop up the rest.

    7. Re:That's ok by Redlazer · · Score: 1

      They could, but it would be a dick move. As much as I'd like to think so, it's just not true that everyone at the FBI is a dick.

      --
      Guns don't kill people, "with glowing hearts" kills people.
    8. Re:That's ok by Anonymous Coward · · Score: 0

      Forcing users to install your operating system of choice is not freedom winning. It's the exact opposite.

      If that's the only way for open source to win, then open source deserves to lose. But I think OSS can do better.

    9. Re:That's ok by RobertM1968 · · Score: 1

      They could, but it would be a dick move. As much as I'd like to think so, it's just not true that everyone at the FBI is a dick.

      Some are asses. ;-)

    10. Re:That's ok by PraiseBob · · Score: 1, Insightful

      Remotely uninstalling malicious software from an unsuspecting person's machine is a dick move? If someone was passing out cupcakes and put one on your desk without asking, would you call that a dick move also?

      Fixing somebody's computer is a gift. Fixing their machine because it is attacking mine, is something I appreciate. If you don't trust a federal agency to have the authority to remove the virus, then whom do you trust? Rival hackers? Microsoft? They've done such a great job so far in containing the problem. The malware problem isn't going to go away by itself. People will not wake up one day and decide to update their machines.

    11. Re:That's ok by clang_jangle · · Score: 1

      I would have expected he knows that and is trolling ("linux == leftist 'jack booted thugs'" troll), but one never really knows...

      --
      Caveat Utilitor
    12. Re:That's ok by postbigbang · · Score: 1

      Not if it leaves the machine in an unclean or unusable state. If you thought anti-American attitudes are bad now, imagine the FBI disabling a couple hundred thousand key machines abroad-- just to get rid of a virus.

      --
      ---- Teach Peace. It's Cheaper Than War.
    13. Re:That's ok by mysidia · · Score: 1, Insightful

      They could, but it would be a dick move. As much as I'd like to think so, it's just not true that everyone at the FBI is a dick.

      I disagree. These systems are infected. If the FBI knows about that; if they have gained control of a botnet, backdoor codes or other piece of malware, they should be free to immediately take all available actions to uninstall or disable known infected computers.

      There's definitely no right to be running botnet code.

      I say we need a law authorizing ANYONE to uninstall worm software/viruses from any computer by any means made available by the malware, at will, without alerting the user, anyone else, or requiring anyone's permission or approval; so long as the only method used to uninstall is provided by the malware (or backdoor), the only command executed is cleanup/uninstall, and no financial or other gain is obtained (other than cleaning up the internet/reducing spam).

    14. Re:That's ok by mysidia · · Score: 0

      Not if it leaves the machine in an unclean or unusable state. If you thought anti-American attitudes are bad now, imagine the FBI disabling a couple hundred thousand key machines abroad-- just to get rid of a virus.

      Disabling is the normal course of action taken on an infected machine. In fact, the only method certain to work.

      SOP when discovering a backdoored machine spewing spam, participating in a DDoS, running a backdoor, or botnet node, should be: to if possible, use the malware's infiltrated command and control or the published backdoor to render the backdoor or the system useless to further the attack as quickly as possible.

      The simplest and most strongly recommended method is to prepare a text message to alert the operator that the computer is infected, make various modifications to ensure the OS becomes unbootable, and overwrite the MBR with boot code to display the alert message and halt, every time, instead of booting.

      Removing the infection is the operator's responsibility. Any security consultant worth their salt will inform you, the only acceptable, reliable way of removing the infection, and bringing the computer to a state where it is acceptable to ever connect to the internet again: is to perform a clean install of the OS, and full update of the OS, due to the fact that malware can modify any file on the system, kernel itself, etc.

      Such modifications are generally undetectable, and even if they are, a clean install is required to a verifiable OS in order to be able to accurately validate the integrity of backed up files prior to restoring them.

    15. Re:That's ok by postbigbang · · Score: 1

      Sweet.

      A bit draconian, are you?

      If there'd been sufficient investment, someone could just shut off the port. Rootkits mean you get a new kernel after you've rendered what rooted it permanently dormant.

      So sure. Let's say you render a couple hundred thousand machines unbootable by wiping their partition tables, MBR, or whatever. They wake up the next morning, and do they love you? Can they do business? Can they read x-rays? Will their stuff work?

      Your method might be nice for screwing up extractors in Iran, but I think you lose a lot of friends with that ostensible SOP.

      Slaughter them! They're infected!

      --
      ---- Teach Peace. It's Cheaper Than War.
    16. Re:That's ok by tibit · · Score: 1

      I don't know about you and so called "security consultants", it's very, very easy to check offline (from a separate host) that a hard drive with a Windows partition on it has legitimate files as released by MS. Digital signatures and all that jazz. This whole reinstall attitude is frankly said getting on my nerves. Waste hours (if you're not in an imaged environment) on reinstalling a system where perhaps a couple files and a dozen or two registry entries are wrong?! Fuck no!

      --
      A successful API design takes a mixture of software design and pedagogy.
    17. Re:That's ok by mysidia · · Score: 4, Informative

      A bit draconian, are you?

      Maybe. Apparently you aren't one of the guys they send massive amounts of unwanted spam to?

      So sure. Let's say you render a couple hundred thousand machines unbootable by wiping their partition tables, MBR, or whatever. They wake up the next morning, and do they love you? Can they do business? Can they read x-rays? Will their stuff work?

      The problem is the malware/rootkit leaves their stuff seeming to work; and it's invisible to them, so they don't even bring someone in to look at it, let alone repair it.

      Your average organization with malware crawling around has no IT management, there's no active directory, group policy, or technical restrictions against employees running software -- everyone runs as admin, any anti-malware/antivirus software is hopelessly out of date, and they're probably still running Windows XP at the moment.

      You're not going to be able to "turn off the port", because there are way too many of them, they don't have static IPs, and WHOIS is basically useless. Their ISP won't even tell you (or law enforcement) who their technical contact is (if they have one) without subpoenas.

      The most expeditious way for anyone to handle this is to nuke from orbit by reversing the behavior of the malware author's backdoor. Make the software shout about its presence instead of hiding.

      Make the breakage of the machine VISIBLE so the repair company has to be called, and money has to be spent, so the SMB cannot continue to ignore their workstation infection, even when informed of it.

    18. Re:That's ok by Martin Blank · · Score: 1

      The FBI would then be doing what the botnet authors did: making changes to the user's system without the user's authorization. Removing the system from the Internet by requiring the ISP to place a block on the connection until such time as it could be verified as clean would be much more ethical. If the malware removal function has a horrible bug and leaves the system in an unusable state, the FBI is then on the hook for damages, which could make it reluctant to undertake such actions in the future. The same happens if there is no removal function but the FBI writes one and forces an update and then a removal but it goes sour on some systems.

      --
      You can never go home again... but I guess you can shop there.
    19. Re:That's ok by webmistressrachel · · Score: 0

      "Forcing countries to use your economic system of choice is not freedom winning. It's the exact opposite."

      There, FTFY, but sarcasm troll aside, we have a lot to learn, don't we? Individually, some of us are astoundingly intelligent, but as a race, we're look dumb.

      --
      This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
    20. Re:That's ok by postbigbang · · Score: 1

      In the meantime, while a machine is working, it's hopefully serving a useful purpose. Some might be critical, like a point-of-sale or even more critical in a police station or hospital. You can't reach across the Atlantic, grab the machine's hard disk, and crater the machine. No valid SOP does that.

      I realize that partitioning the machine by turning off its port is not a valid procedure, because most ISPs or providers in general don't spend money on addressable ports. They should.

      But you can't nuke them. You can send them a notice saying that they're going to be disabled in X days, and here is EXACTLY HOW TO PROCEED to save the functionality of your machine.

      You can also use the C&C network to allow itself to self-destruct. It got there, and if the machine is truly under its control, it can deliver a disabling payload to that machine.

      But you can't willy-nilly just put a bullet through its boot sector. Doesn't fly.

      --
      ---- Teach Peace. It's Cheaper Than War.
    21. Re:That's ok by webmistressrachel · · Score: 1

      (sic) before you start...

      --
      This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
    22. Re:That's ok by Redlazer · · Score: 2

      There's just too many variables involved. I'm glad they're doing opt-in instead of opt-out - that's the mainstay of my comment's significance.

      Right now, there's no precedent that a government organisation could effectively deal with a situation like this without breaking everything. Is it ok if they do a drug bust, and 1 out of 23 innocent people die? Collateral damage by the government has to be mitigated as much as possible.

      I'm not saying that we can't trust the government to do anything. I think the FBI is doing a good job so far, and I'm looking forward to their results. But caution on the part of commentators, I think, is a good idea. It's far from a simple, surefire action. It is likely it will be, but there are variables that they can't control for.

      Oversight of government actions is what is critical - not avoiding government action or permitting excessive government action.

      --
      Guns don't kill people, "with glowing hearts" kills people.
    23. Re:That's ok by mysidia · · Score: 4, Informative

      it's very, very easy to check offline (from a separate host) that a hard drive with a Windows partition on it has legitimate files as released by MS. Digital signatures and all that jazz.

      No. The System filechecker is trivially defeated, even when checking offline.

      The trouble with 'digital signatures' is there are multiple valid signers, and you can't enumerate a priori which ones are valid. The tampering of tampered with files does not even necessarily occur on the files you see on the physical medium offline while rootkit is not loaded.

      Lots of Windows systems have a boatload of legitimate non-Microsoft application files and non-Microsoft system drivers for hardware are almost universally present. And what the registry contains is really quite important, especially when malware involves loading a program that contains a rootkit.

      The loader may be found as an application, small file, or binary blob in the registry somewhere. The actual payload activated by the malware loader, may not even reside as files on the NTFS volume; as anything running as system user may be able to read code from raw disk sectors (even NTFS disk sectors that are not actually linked to files you can scan/access).

      Try as you might, it is basically impossible to enumerate every possible registry content that will cause malware hooks to load into memory and run payload at system boot.

      Verification of the content of all known system files does not verify the integrity of the system.

    24. Re:That's ok by c0lo · · Score: 2

      Not if it leaves the machine in an unclean or unusable state. If you thought anti-American attitudes are bad now, imagine the FBI disabling a couple hundred thousand key machines abroad-- just to get rid of a virus.

      Disabling is the normal course of action taken on an infected machine. In fact, the only method certain to work.

      SOP when discovering a backdoored machine spewing spam, participating in a DDoS, running a backdoor, or botnet node, should be: to if possible, use the malware's infiltrated command and control or the published backdoor to render the backdoor or the system useless to further the attack as quickly as possible.

      Easy... easy... You know, I wonder how the situation would be seen if China would start to disable US computers only because they are used for serving content that don't fit their policies. I mean, for them that content might be as "aggressive" and "dangerous" as a botnet.

      --
      Questions raise, answers kill. Raise questions to stay alive.
    25. Re:That's ok by BBTaeKwonDo · · Score: 1

      If somebody except me or Microsoft can control/disable my computer remotely, then I'm already pwned, am I not? I might not like when I am made aware of this, but it would do me some good in the long run.

    26. Re:That's ok by mysidia · · Score: 0

      Easy... easy... You know, I wonder how the situation would be seen if China would start to disable US computers only because they are used for serving content that don't fit their policies. I mean, for them that content might be as "aggressive" and "dangerous" as a botnet.

      If that "content" includes a backdoor on their server that lets any random third party in, I see no problem with that.

      If the content is important, someone will have mirrored it and present it elsewhere in a form without a self-pwnage backdoor.

    27. Re:That's ok by mywhitewolf · · Score: 1

      while we are at it, why not burn down houses that have been broken into? you know, because the back door was left open...

      Your government isn't to touch any of my shit regardless of its reason. what if i run as a part of a botnet for a good reason? I'd like some plausible deniability just in case my government slandering blog gets re-associated to my IP address.

    28. Re:That's ok by Aeternitas827 · · Score: 1

      Dicks and asses, eh? And where they meet, a whole lot of people get fucked?

      --
      I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
    29. Re:That's ok by NSN A392-99-964-5927 · · Score: 1

      The botnet owners can't take preventative action against the uninstall because they don't have valid Command and Control servers running. Since the FBI is controlling those at the moment, the individual bots are hanging in limbo doing nothing. If however the malware is actively looking for new C&C servers to be spun up to receive commands again, there is the potential that the FBI could lose control again. Hence why it is necessary to remove the infection while they maintain control, and only one step in their strategy to cripple the botnet.

      It is the FBI's computers that became infected by a CIA experiment gone wrong.

      --
      All cows eat grass!
    30. Re:That's ok by Angostura · · Score: 1

      Some might be critical, like a point-of-sale or even more critical in a police station or hospital.

      Exactly the kind of machine I'd want a bot running on.

    31. Re:That's ok by clydemaxwell · · Score: 1

      Just gonna chime in here that getting some irritating unwanted messages in your inbox hardly warrants anything like what you're recommending.
      I don't know what it is about penis enlargement advertisements that make people throw out common sense and respect for others out the window.

      "Nuke the site from orbit, it's the only way to be sure"

      --
      Browsing with classic discussion, noscript, at -1 and nested
      no hidden comments and I only mod UP
    32. Re:That's ok by clydemaxwell · · Score: 1

      "i say we need a law"
      "let me do what i want to your PC; i know better than you do"

      i don't care if you mark me flamebait. go to hell.

      --
      Browsing with classic discussion, noscript, at -1 and nested
      no hidden comments and I only mod UP
    33. Re:That's ok by ThatsNotPudding · · Score: 1

      Remotely uninstalling malicious software from an unsuspecting person's machine is a dick move? If someone was passing out cupcakes and put one on your desk without asking, would you call that a dick move also?

      If their secret ingredient to give things a little tang was antifreeze, then yes.

    34. Re:That's ok by datapharmer · · Score: 1

      Well that doesn't really fall under the FBI mandate first of all, and second of all it is somewhat irrelevant, as the vast majority of affected computers are U.S. connected either in country or in territories/military facilities: http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=100313 (note that the link is to the trojan that installs the backdoor they are removing, but as this infection is a prerequisite in most cases, it should be a good indicator of infection levels.)

      --
      Get a web developer
    35. Re:That's ok by JimFive · · Score: 1

      There's definitely no right to be running botnet code.

      You might be surprised. There is certainly a "natural right" to run whatever code I wish on a computer that I own. My exercising of that right (as with other natural rights) is limited by its effect on others. The common expression is "your right to swing your arms ends at my nose."

      Since the botnet software itself(*) is not affecting you there is a right to run it. However, if the commands that the botnet CnC send begin to affect you then I may not have the right to execute those commands.

      If you didn't have this right then you would not have the right to run any distributed computing environment such as SETI@home.

      (*)I am making a distinction here between the software that allows a computer to receive commands from the command server, and the commands that are received.
      --
      JimFive

      --
      Please stop using the word theory when you mean hypothesis.
    36. Re:That's ok by mysidia · · Score: 0

      while we are at it, why not burn down houses that have been broken into? you know, because the back door was left open...

      No... burning down houses would be akin to destroying hardware; which I don't suggest.

      If the house is found unprotected with druggies congregating inside; then I fully expect authorities to cordon it off, remove utilities, and generally render the building uninhabitable until the investigation is over, and the owners will be required to fix the security issues, before habitability, utilities, etc, can be returned.

    37. Re:That's ok by bluefoxlucid · · Score: 1

      The trouble with 'digital signatures' is there are multiple valid signers, and you can't enumerate a priori which ones are valid.

      I think he meant just the Microsoft files. And it's totally possible to enumerate all other signatures, because the certificate is digitally signed by Microsoft, and readily available from a CA...

    38. Re:That's ok by mysidia · · Score: 0

      I don't know what it is about penis enlargement advertisements that make people throw out common sense and respect for others out the window.

      Characterizing the problem with botnet nodes solely as "penis enlargement advertisements" in that manner is like saying "I don't know what it was about burning graphite and CO2 release at chernobyl that make people throw out common sense and respect for others"

      The issue is not a "lack of respect for others" by people receiving spam, whatever the hell that means.

      There's a lack of respect for the technology and the community by people operating the computers that wound up sending spam.

      And the spam is theft of services from everyone else, theft of mailbox resources, and goes generally far beyond simple annoyance.

      In fact, Spam reaches the level of danger... phishing, scamming, and spread of exploit code/ malware/other unwanted sneaky software through spam are extremely common.

    39. Re:That's ok by Chris Tucker · · Score: 1

      You do realize that your snarky comment has been misinterpreted as being serious.

      Pity that I currently lack mod points.

      --
      Guaranteed! This comment 100% Anthrax free!
    40. Re:That's ok by eleuthero · · Score: 1

      Preventing infection is also good--posting cautionary notes to a user's desktop when they've shared read/write access to all for their entire drive, etc.

    41. Re:That's ok by Quirkz · · Score: 1

      PEBCAC = Problem Exists Between Chair and Chair?

    42. Re:That's ok by KingBenny · · Score: 0

      mmyeah, i was like thinking more something like : whatever happened to format c: ? how does an infection survive that ? did i miss something somewhere ? does one need an army of slaves to backup data these days ? i mean, like, if you know you're infected and all .. eum ... i'm confused, it does not compute

      --
      Free speech was meant to be free for all... how can anyone grow up in a nanny state ?
    43. Re:That's ok by mysidia · · Score: 1

      I think he meant just the Microsoft files. And it's totally possible to enumerate all other signatures, because the certificate is digitally signed by Microsoft, and readily available from a CA...

      Not all Microsoft files are digitally signed in XP/2000/2003; e.g. Explorer.exe. And malware can make explorer run it by inserting itself as an 'explorer plugin' / context menu / extension.

      Ever run sigverif on a windows system? Most files malware might want to modify are unsigned by MS/anyone else.

      And just because the file isn't made by MS doesn't mean it is unimportant.

      Malware injecting code into a flash plugin, web browser, or a multitude of systray apps the average user has, can run just as quickly as malware that injected code into explorer.exe can.
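
Added example (not part of any comment in this thread, and not any vendor's tool): the offline check debated above by tibit and mysidia, written as a comparison of a mounted disk image against a known-good hash manifest. The manifest format (lower-cased relative path mapped to a SHA-256 digest), the function names and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def audit_offline_tree(root, baseline):
    """Compare every file under `root` with `baseline` {relative_path: sha256}.

    verified: present and matching the baseline
    modified: present, baseline entry exists, digest differs
    unknown:  present, but the baseline says nothing about it
    missing:  listed in the baseline, absent from the tree

    Only files reachable through the filesystem are examined. Registry
    values and disk sectors not linked to any file never appear here,
    which is the limit raised in the thread.
    """
    root = Path(root)
    report = {"verified": [], "modified": [], "unknown": [], "missing": []}
    seen = set()
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        # Windows paths are case-insensitive, so compare lower-cased names.
        rel = path.relative_to(root).as_posix().lower()
        seen.add(rel)
        expected = baseline.get(rel)
        if expected is None:
            report["unknown"].append(rel)
        elif sha256_file(path) == expected:
            report["verified"].append(rel)
        else:
            report["modified"].append(rel)
    report["missing"] = list(set(baseline) - seen)
    for bucket in report.values():
        bucket.sort()
    return report


def coverage(report):
    """Fraction of files present on disk that the baseline actually vouches for."""
    present = sum(len(report[k]) for k in ("verified", "modified", "unknown"))
    return len(report["verified"]) / present if present else 0.0


def demo():
    """Build a small constructed tree and audit it against a constructed baseline."""
    files = {
        "Windows/System32/kernel32.dll": b"constructed vendor bytes A",
        "Windows/explorer.exe": b"constructed bytes, altered after release",
        "Program Files/Vendor/driver.sys": b"constructed third-party driver",
    }
    baseline = {
        "windows/system32/kernel32.dll":
            hashlib.sha256(b"constructed vendor bytes A").hexdigest(),
        "windows/explorer.exe":
            hashlib.sha256(b"constructed bytes as released").hexdigest(),
        "windows/system32/ntdll.dll":
            hashlib.sha256(b"constructed vendor bytes B").hexdigest(),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return audit_offline_tree(tmp, baseline)


if __name__ == "__main__":
    result = demo()
    for bucket, names in result.items():
        print(f"{bucket:9} {names}")
    print(f"coverage  {coverage(result):.0%} of files on disk match a baseline entry")
```

The `unknown` bucket is the part of the disk such a check cannot speak for: a clean `verified` list only covers the files the baseline knows about.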

    44. Re:That's ok by webmistressrachel · · Score: 1

      You know you've been mod-bombed when a clearly insightful, intelligent post which points the finger at no-one in particular but makes a succinct point is modded "Overrated" when it's at its default (Score:1)

      If there's any oversight or monitoring going on here, I implore you to investigate other recent mods by this user - either they are modding me down personally, or are serving a particular political agenda (I suspect the "tea party" and "pro-iraq") agendas.

      Regardless of political views or your feelings about the value of the post itself ("Troll" or "Flamebait" wouldn't have been nearly as insulting, nor would those mods have caused the suspicions outlined here), it is obvious at this point in time, and can be proved very easily from server logs that the moderation described here is a clear and blatant abuse of the system, which we all claim to abhor. Users who abuse the system should be disallowed from using it, surely we can all agree on this? Describe to me how a post can be "overrated" at 1 with no other mods done yet?

      --
      This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
    45. Re:That's ok by RockDoctor · · Score: 1

      Make the software shout about its presence instead of hiding.

      That would be my strategy too. Something that requires human interaction every few minutes ... then after an hour or so, it requires action every minute ... then every 30 seconds ... Big flashy scary warnings on boot. Make the machine sing painful sounds on alternate boots. Make getting the machine fixed the less painful option than letting things carry on.

      Oh, and if the machine in question has a well-known popular email client, append a "this machine is infected by X, Y and Z" to each account's signature code and turn the thing on ; a bit of public shame might help too.

      But most of all, make damned good and sure that your new code works and is safe. And that your clean-up tools work. (That bit the FBI ought to be able to out-source to an AV vendor.)

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  2. Lemme guess how they're going to get consent... by jthill · · Score: 5, Funny

    they're going to send an email, right? Click this link to authorize the FBI to remove an infection from your computer?

    --
    As always, all IMO. Insert "I think" everywhere grammatically possible.
    1. Re:Lemme guess how they're going to get consent... by MrEricSir · · Score: 2, Funny

      No, it's going to be through popup ads that look like Windows dialog boxes. First it will scan your computer, then find a virus and offer to sell you Virus Remover 2011 at a steep discount!

      --
      There's no -1 for "I don't get it."
    2. Re:Lemme guess how they're going to get consent... by maxwell demon · · Score: 1

      they're going to send an email, right? Click this link to authorize the FBI to remove an infection from your computer?

      Oh, and give your local login/password on that site (the admin account, of course). After all, the FBI needs that to access your computer ...

      --
      The Tao of math: The numbers you can count are not the real numbers.
    3. Re:Lemme guess how they're going to get consent... by Em Adespoton · · Score: 5, Funny

      "The FBI has detected a botnet running on your computer. Due to federal privatization initiatives, botnet removal has been subcontracted to Botnet Blaster 2011. Click here to purchase Botnet Blaster 2011 and avoid having your house stormed by an FBI tactical team."

    4. Re:Lemme guess how they're going to get consent... by timeOday · · Score: 1

      Well, there are worse ways to be notified.

      (OK, OK, that might have been the ATF or somebody else, I don't know.)

    5. Re:Lemme guess how they're going to get consent... by mysidia · · Score: 0

      Hey... anyone know where I can buy stock in the company that sells Virus Remover 2011 and Antivirus 2011?

    6. Re:Lemme guess how they're going to get consent... by gl4ss · · Score: 1

      it'll be more of a chore to submit the authorization than it would be to download an uninstaller..

      --
      world was created 5 seconds before this post as it is.
    7. Re:Lemme guess how they're going to get consent... by vawwyakr · · Score: 1

      Oh crap "I agree"

    8. Re:Lemme guess how they're going to get consent... by iMacorIBM · · Score: 1

      "Federal authorities will remotely uninstall the Botnet Blaster 2011 Trojan from some infected Windows PCs over the next four weeks"

  3. Release the Company Names by MoldySpore · · Score: 1

    I'd like to see what companies are on the list. Specifically what IT companies. Even more specifically, if any network hardware providers made the list. Always fun to see what companies actually know networking that are selling the products that us in the field buy and put some measure of faith in to protect our networks. Same can be said for some software IT companies for end-users. I would be a bit more wary about considering a company's software protection product if they'd been compromised by one of the world's biggest botnets for X number of years and needed the FBI to call them up and tell them about it.

    --

    "I hope you know how very lucky you are to know me, because I am so incredibly incredible."

    1. Re:Release the Company Names by Anonymous Coward · · Score: 1

      Wouldn't be surprised to see Sony and their PSN team on the list.

  4. Why not just report the issue to the user? by SuurMyy · · Score: 1

    It would be better to report the issue to the user and provide links to well known antivirus companies. This way the user would be able to trust that the Feds aren't installing anything on their box while they may or may not remove what they tell the user... ;-)

    --
    The lyf so short, the craft so long to lerne
    1. Re:Why not just report the issue to the user? by ColdWetDog · · Score: 1

      Hi! We're from the Government. We're here to help you.

      --
      Faster! Faster! Faster would be better!
    2. Re:Why not just report the issue to the user? by cobrausn · · Score: 2

      Supposedly Microsoft is pushing out the 'Malicious Software Removal Tool' as part of Windows Update that will actually remove Coreflood if the user machine has already received the 'halt' command from the FBI servers. I guess that counts...

      --
      How does it feel to be a liar with pants constantly on fire?
    3. Re:Why not just report the issue to the user? by hellkyng · · Score: 1

      I believe Microsoft included detection in their MSRT (Malicious Software Removal Tool) so as long as users are regularly updating they should have this taken care of on its own shortly. I imagine the FBI is probably assuming most users aren't actively updating, or targeting "high value" or infrastructure type computers for a more aggressive removal strategy.

      For the tin-foil crowd, if the FBI really wanted to do bad things to your files, they wouldn't have made it public they captured the command and control servers :)

    4. Re:Why not just report the issue to the user? by Anonymous Coward · · Score: 0

      Hiding in plain sight... I don't give personal information to ANYBODY who phones me, and I don't give access to my computers to ANYONE! If you do, consider yourselves pwnd, and that everything you do is now theirs...

    5. Re:Why not just report the issue to the user? by XanC · · Score: 1

      *BLAM*

      *BLAM* *BLAM*

    6. Re:Why not just report the issue to the user? by somersault · · Score: 1

      Yeah, idiots with pwned machines are well known for keeping up to date.

      --
      which is totally what she said
    7. Re:Why not just report the issue to the user? by Anonymous Coward · · Score: 0

      That seems scary. But then you have a natural disaster hit, or some other issue, and damn you are happy for them to help.

      Right now I'm hoping the empty house near me gets a visit from the gov't, since it has storm damage and I don't know the owner so I can't help.

    8. Re:Why not just report the issue to the user? by Anonymous Coward · · Score: 0

      all your base are belong to U.S.

    9. Re:Why not just report the issue to the user? by heypete · · Score: 1

      Critical (XP) and Important (7) updates are available to everyone, including users of pirated systems.

      The MSRT is listed as an Important update on my Windows 7 systems (don't have any XP ones to check).

  5. Re:a better fix by Anonymous Coward · · Score: 1

    Giving Linux to someone who can't even use Windows properly is like replacing their car with a tank because they got into too many accidents. Sure, they won't get hurt, but they'll probably never even figure out how to start it.

  6. Soon to be executive powers by suso · · Score: 0

    It won't be long before we have cases where the president exercises executive powers in the name of freedom and national security which grants them the right to access our computers without our consent.

    1. Re:Soon to be executive powers by somersault · · Score: 2

      Well, at least somebody is making an effort to stop all the fucking spam. Slippery slopes are nice and all, but that kind of thing can already be done legally via the courts, the PATRIOT act, etc.. at least what they are doing here is beneficial to the world.

      --
      which is totally what she said
    2. Re:Soon to be executive powers by Anonymous Coward · · Score: 0

      Slippery slopes are nice and all, but that kind of thing can already be done legally via the courts, the PATRIOT act, etc..

      I think you just diminished slippery slopes while describing how one works all in one thought.

    3. Re:Soon to be executive powers by somersault · · Score: 1

      The point is that you've already let stuff like that happen, yet you still complain about valid uses of power.

      --
      which is totally what she said
    4. Re:Soon to be executive powers by garwain · · Score: 1

      Something must be working to stop the spam. My mail logs are showing that my daily spam is now ONLY 73% of all email passing through my server. This time last year it was hovering around 98%. I'm also seeing a slight reduction in bandwidth fees, but then blocking youtube and facebook probably had more of an impact...

    5. Re:Soon to be executive powers by somersault · · Score: 1

      I sometimes ponder blocking them just to increase my own productivity! I mean if employees really want to waste time on Facebook these days, they can do it from their phones anyway..

      --
      which is totally what she said
  7. The remote wipe move will require consent by Riceballsan · · Score: 1

    Consent?? Does that mean the users infected with the botnet will get "Warning your computer is infected, click here to remove the virus's you didn't know you had from your computer", on one hand it's probably the target of people that were gullible enough to fall for it once to get the botnet in the first place, but teaching them it is actually possible for a legitimate goal to do it, means they will be infected again in a week.

    1. Re:The remote wipe move will require consent by x*yy*x · · Score: 2

      Well what would you think if the government or any other people would mess with your computer without your consent? What if they decided "utorrent.exe" was harmful and decided to remove it without asking you?

    2. Re:The remote wipe move will require consent by jd · · Score: 4, Interesting

      As much as I would love the Feds to just run a complete vulnerability scan of the US (not unlike the Internet Auditing Project) and then remotely uninstall every instance without telling a damn person (if the virus doesn't de-install cleanly, that's a bug in the virus so go sue the authors), I get the impression there'd be a few complaints. In part, because the Feds have shown themselves to be ethically-challenged from time to time.

      If you want - really, truly want - bots and spyware to be gone forever, it's going to take a Federal agency vulnerability scanning your machine and installing nagware when your machine is shown as both infected and insecure. (Insecure alone might just be a honeypot, it doesn't prove there's a real vulnerability present.)

      Nobody is going to trust an agency to do this. Doesn't matter if that's just or unjust, the only just that matters is that it's just not going to happen. In consequence, corporations will fail to secure products, users will fail to secure their machines and the problem will miraculously fail to vanish all on its own. Things won't change without pressure and the only sources of pressure big enough won't and/or can't.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    3. Re:The remote wipe move will require consent by mysidia · · Score: 1

      Nobody is going to trust an agency to do this. Doesn't matter if that's just or unjust, the only just that matters is that it's just not going to happen.

      But they trust completely anonymous massive numbers of third parties (that include spammers and ID thieves) not to do whatever the h**** they want, using any open vulnerabilities they find?

      How about the agency outsources it to private industry; and requires all exploits and payloads utilized to be open source, fully documented, and subject to review by any member of the public....

    4. Re:The remote wipe move will require consent by Anonymous Coward · · Score: 0

      Fucking christ... you "bleeped" out hell? DIAF.

    5. Re:The remote wipe move will require consent by jd · · Score: 1

      But they trust completely anonymous massive numbers of third parties (that include spammers and ID thieves) not to do whatever the h**** they want, using any open vulnerabilities they find?

      As far as I can tell, the answer to that is "yes". At some point, psychiatric care will be available to deal with this, but for now - and for reasons I will never understand - said third parties are trusted completely and the government is mistrusted utterly, despite them having roughly the same capacity to abuse whatever is on your computer and the third-party arguably having far more incentive to do so. I seriously, seriously doubt there are many Dick Turpin types writing malware, though.

      How about the agency outsources it to private industry; and requires all exploits and payloads utilized to be open source, fully documented, and subject to review by any member of the public....

      I already assume that if some party wants to abuse a system they'll already be trying to break in, that if they don't then allowing them to try to break in won't change how they think or how they act, and if they do and they have broken in, they're not going to ask my permission before installing rootkits anyway. Others aren't so charitable, which is fair, so the question is whether this meets their objections.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    6. Re:The remote wipe move will require consent by Aeternitas827 · · Score: 1

      With an extra fucking star, nonetheless. Must have been fucking emphatic.

      --
      I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
    7. Re:The remote wipe move will require consent by hb79 · · Score: 0

      > As much as I would love the Feds to just run a complete vulnerability scan of the US [...] and then remotely uninstall every instance without telling a damn person.

      Gheez, no wonder why privacy is dead in the US.

      You seem to be on your knees, finger pointing at your arse, and screaming: "Give it to me!" (Or is that low ID number hiding a bitter old man? Still doesn't help privacy, though).

    8. Re:The remote wipe move will require consent by Anonymous Coward · · Score: 0

      Consent?? Does that mean the users infected with the botnet will get "Warning your computer is infected, click here to remove the virus's you didn't know you had from your computer", on one hand it's probably the target of people that were gullible enough to fall for it once to get the botnet in the first place, but teaching them it is actually possible for a legitimate goal to do it, means they will be infected again in a week.

      I'd like to take this space to direct your attention to the top of this page. There you will find a section titled "Summary", which contains the answers you so desperately seek.

    9. Re:The remote wipe move will require consent by Anonymous Coward · · Score: 0

      Maybe there'd be few complaints since the same people with infected computers wouldn't have the capacity to know that it was the FBI, since the FBI would be connecting to the C&C server (not their home PC) and issuing the commands from there to uninstall the bots.

      If you want the FBI to really show ethically-challenged stripes, suggest that instead they don't uninstall it at all, and just let the botnet spread. Give the FBI a backdoor into thousands of private documents and the ability to perform DDOS attacks on whatever site they hate at the moment...

    10. Re:The remote wipe move will require consent by Anonymous Coward · · Score: 0

      You think putting the feds in charge of virus removal is the solution? Maybe it's the news sites I tend to explore or something but everything I see suggests that getting the feds involved makes things WORSE, not better. No fly lists/terrorist watch lists with millions of names including professors and political rivals. TSA inspectors tripping on their power and groping 6 year old girls. FBI agents paying tens of thousands of dollars to destitute people so they can parade them around as an example of domestic terrorism (Liberty City 7). I'm not saying we don't need government in some capacity but I think it's hard to argue that we haven't exceeded that level by several orders of magnitude.

    11. Re:The remote wipe move will require consent by jd · · Score: 1

      Like I said, they already have the capacity to scan your computer and install whatever the hell they want on it. Of the millions of computers out there with undetected malware on them, you cannot possibly know what percentage of that malware is NSA- or DoD-sponsored. Even Congress can't get the Government agencies to say what they are doing. (Last time Congress tried, after Australia admitted Echelon existed and was in use, the NSA told them to bugger off.)

      Therefore, putting the Feds in charge of virus removal won't change the chances of them spying on you. If they wanted to, they would have done. Telling them to go clean up the US isn't going to make any difference there.

      What it will do is keep them busy. Idle hands make mischief, as the saying goes. Never, ever allow people with significant power to be idle. That is stupid, dangerous and absolutely guaranteed to lead to abuse. The TSA inspectors are an example of that. They abuse power because they're bored witless. The incidence rate, at least as far as it's reported, is about one threat of any significance every 2-3 years for the nation as a whole. Combine overwhelming power and absolutely no outlet for it, what do you expect? Of course they'll be "creative".

      Hard work and no play makes Jack a trustworthy holder of power. Dull, too, perhaps, but trusted. Besides, dull is a good thing in such cases.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  8. Re:a better fix by Dunbal · · Score: 1

    Oh come on - tanks are driven by people who have volunteered to get shot at. How hard can it be? Certainly no harder to drive than the old 1970's caterpillar D-6C (a bulldozer for those not in the know) and actually much easier. I've seen them with handlebars and a throttle just like a motorcycle. Add a brake pedal for each side and an automatic transmission and you're set.

    --
    Seven puppies were harmed during the making of this post.
  9. Re:a better fix by Qzukk · · Score: 2

    You know the first thing they're going to push is the big red button marked "Fire".

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  10. bill Microsoft for the expense, not taxpayers by Anonymous Coward · · Score: 0

    Why is the government doing this at the taxpayers' expense? The OS is broken, has been for a decade, and Microsoft should be billed for expenses. If an auto manufacturer sold a vehicle that melted in the rain, they too would be responsible for the expense. Windows should be recalled and fixed not just painted and prettied up and rereleased.

    1. Re:bill Microsoft for the expense, not taxpayers by jd · · Score: 1

      The government is doing this at the taxpayer's expense because the taxpayer voted in a government that likes the rich having the money and you not. Vote into power someone who doesn't give a damn about the rich next time. Of course, that requires finding one - and then finding one willing to run for office. In general, those with the best ethics are the least-suited to politics and the ones best-suited to politics are the ones with no ethics.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    2. Re:bill Microsoft for the expense, not taxpayers by Anonymous Coward · · Score: 0

      It's a Trojan. That's like charging the auto manufacturer for vehicle thefts perpetrated by a valet parking service. The stolen vehicles are then driven around to form car barricades preventing access to various stores, offices, services.

      And that would be up to the government to stop.

    3. Re:bill Microsoft for the expense, not taxpayers by Anonymous Coward · · Score: 0

      Your analogy is flawed.
      Billing Microsoft here would be like billing auto manufacturers for stolen cars, because they installed locks that could be circumvented.

    4. Re:bill Microsoft for the expense, not taxpayers by mysidia · · Score: 1

      Whoa... hold it there. If you start that precedent about OS vendors being charged for security issues...... that would put open source companies, incl. Redhat in quite a pickle.

      No platform can claim to be completely free of security issues. And any platform that reaches critical mass is going to have infected/compromised systems doing naughty things (like SSH brute force attacks en masse).

      The number of non-Windows botnet nodes is far from zero.

    5. Re:bill Microsoft for the expense, not taxpayers by cavreader · · Score: 1

      The OS is broken? Explain. And while you're at it, name one piece of software or OS that was 100% bug free when released. Your auto manufacturing example would be more like someone using a crow bar to smash your car window in order to steal it. Should the auto industry build-in armored windows to prevent this action? I am sure they could but the price for the auto would go up. On the chance someone could develop a bug free OS how long do you think that would take? Both Apple and Microsoft have been working 20+ years to achieve that goal and it doesn't look like they are getting any closer.

    6. Re:bill Microsoft for the expense, not taxpayers by Aeternitas827 · · Score: 1

      If an auto manufacturer sold a vehicle that melted in the rain,

      Then it might be made of sugar (and delicious) or salt (and good for margarita night or deer hunting).

      --
      I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
    7. Re:bill Microsoft for the expense, not taxpayers by Aeternitas827 · · Score: 1

      I have borderline ethics, think the idea of holding public office is novel (it might get me a Wikipedia entry!), and think CEOs and top-tier professional athletes are overpaid buffoons. I also carry a dagger in my shirtsleeve. Do I have your vote?

      --
      I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
    8. Re:bill Microsoft for the expense, not taxpayers by Aeternitas827 · · Score: 1

      It's a Trojan. It ruins all the fun.

      The above would also have been an acceptable response.

      --
      I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
    9. Re:bill Microsoft for the expense, not taxpayers by Aeternitas827 · · Score: 1

      And while you're at it, name one piece of software or OS that was 100% bug free when released.

      How about this little bit of BASIC? 10 PRINT "HELLO WORLD" 20 GOTO 10 Does exactly what I want it to, every time.

      --
      I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
    10. Re:bill Microsoft for the expense, not taxpayers by Aeternitas827 · · Score: 1

      Goddammit, forgot the line breaks. Imagine 'em.

      --
      I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
    11. Re:bill Microsoft for the expense, not taxpayers by Anonymous Coward · · Score: 0

      Maybe you'll consider these feature requests rather than bugs, but:

      Bug 1: Program has no useful purpose.
      Bug 2: Program assumes English. Completely unlocalizable.
      Bug 3: Program does not exit cleanly; have to kill it.
      Bug 4: Program output is in all caps. Expect sentence capitalization or title capitalization.
      Bug 5: Program does not compile or interpret.
      ---> RESOLVED: Fixed in imagination build. Newlines were eaten by the source control.

    12. Re:bill Microsoft for the expense, not taxpayers by Aeternitas827 · · Score: 1

      #3 could be a bug...but really, the bug is in the eye of the beholder. What to you is a bug, is to me a feature!

      #1 is already resolved, assuming Bugs 2-5 can be considered Enhancement Requests for v1.1 (or v1.0.1, or v2), and the program had the useful purpose of proving that software can exist, at release, without bugs (this would disqualify Bug #1 as a bug, but rather make it a user education issue for the target audience).

      --
      I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
    13. Re:bill Microsoft for the expense, not taxpayers by cavreader · · Score: 1

      Believe it or not I have seen people screw up even a "Hello World" function.

    14. Re:bill Microsoft for the expense, not taxpayers by jd · · Score: 1

      If America used the Alternative Voting System, you'd have half my vote.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  11. U can trust us, we are the government... by Anonymous Coward · · Score: 0

    What a wonderful opportunity for govt. agencies to place keyloggers and such on these systems. Yes, they will probably remove the malware, but what are the chances they will install "something else"? The temptation would be way too great, IMHO.

    1. Re:U can trust us, we are the government... by somersault · · Score: 1

      Uh.. if they wanted to do that, they could do. What exactly do you think they'd find so interesting about the average person's web browsing habits? Do they perhaps need credit card details for extra funding? I don't think so.

      --
      which is totally what she said
    2. Re:U can trust us, we are the government... by jd · · Score: 1

      Stop and think. If they've already scanned these machines, any keylogger will already be installed. Besides, there's a Firefox extension for jamming keyloggers.

      Besides, what would they need a keylogger for? We already know (because the Australian Government has said so) that Echelon is real and does exist. The total lack of use of cryptography means that there's nothing you can type that they can't read already.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    3. Re:U can trust us, we are the government... by Aeternitas827 · · Score: 1

      You could, however, type out the alphabet (CAPS and lowers), numbers, symbols, and such into a word editor, and painstakingly copy/paste every letter of your usernames, passwords, and posts. When the keylogger turns up 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789`-=[]\;',./~!@#$%^&*()_+{}|:"?^C^V^C^V^C^V^C^V...', I imagine there would be some crying.

      Also, you may be required to wear a tin-foil sombrero. Also, this is probably defeatable in any case.

      --
      I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
  12. As much as I hate to say this by teknosapien · · Score: 2, Insightful

    since most of the machines I'm guessing are running a Microsoft product, maybe they should be the ones carrying this out on infected machines. Let's face it they are probably better situated to see this through. The feds should go back to being the agents of the RIAA and MPAA and leave the computer work to the professionals

    --
    no matter how good it is, it is human nature always wants to make things better
    1. Re:As much as I hate to say this by h4rr4r · · Score: 1, Interesting

      Or maybe Microsoft software is what got these users into this mess, so someone else should fix it and Microsoft should just foot the bill.

    2. Re:As much as I hate to say this by TaoPhoenix · · Score: 1

      What else do you think they will do with access to your system besides the botnet campaign? "While repairing the botnet, we discovered 137 copyrighted files. These have been reported to the **AA. Have a nice day!"

      --
      My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
  13. Re:a better fix by vijayiyer · · Score: 1

    The hard part is driving it while you're being shot at.

  14. Re:a better fix by codegen · · Score: 2

    You know the first thing they're going to push is the big red button marked "Fire".

    The tank driver can't reach that button. It's for the back seat driver.

    --
    Atlas stands on the earth and carries the celestial sphere on his shoulders.
  15. I havent received by nimbius · · Score: 3, Funny

    any notifications yet from the FBI about the botnet and my computer, has anyone else?

    also, do i need to disable selinux before they uninstall the bot on my computer? or can they do it from a regular user account with limited sudo?

    --
    Good people go to bed earlier.
    1. Re:I havent received by Anonymous Coward · · Score: 0

      I was wondering similar. Wondering if I'd have to set up port forwarding on my edge router to let Apple Remote Desktop in.

    2. Re:I havent received by Anonymous Coward · · Score: 0

      No, since SELinux is developed by/with US agencies, it's already installed for your convenience. ;)

    3. Re:I havent received by Anonymous Coward · · Score: 0, Insightful

      -1, Started a sentence in the topic, concluded it in the body.

    4. Re:I havent received by Aeternitas827 · · Score: 1

      Create timeouts/failures! Attach a router to your router, forward the requisite port on Router A to go to Router B, who would be configured to forward BACK to Router A!

      It's like forwarding my calls to a number that will forward my calls to me. They wait and wait, my phone never rings, and eventually they get pissed and hang up!

      --
      I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
    5. Re:I havent received by Aeternitas827 · · Score: 1

      +1, Insightful response to Jackassery
      -1, Jackassery

      --
      I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
  16. A far more effective solution... by Daniel+Phillips · · Score: 1, Insightful

    Uninstall Windows.

    --
    Have you got your LWN subscription yet?
    1. Re:A far more effective solution... by Daniel+Phillips · · Score: 5, Interesting

      Uninstall Windows.

      Or don't uninstall Windows but make computer owners legally responsible for their computers in the same way they are legally responsible for a swimming pool. The resulting fines would either stop botnets entirely or eliminate the national deficit. In short, a tax on the stupid.

      --
      Have you got your LWN subscription yet?
    2. Re:A far more effective solution... by c6gunner · · Score: 1

      Yah, those fines will stop botnets the same way the RIAA lawsuits have stopped piracy. It can't fail!

    3. Re:A far more effective solution... by Anonymous Coward · · Score: 0

      So if someone breaks into your back yard, scoops up the water from your pool, transports it to a freezer then drops the resulting ice on people from rooftops, you are morally responsible for their deaths?

    4. Re:A far more effective solution... by bill_mcgonigle · · Score: 2

      C'mon, this is Slashdot. You left your garage unlocked, somebody stole your car and ran down some pedestrians.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    5. Re:A far more effective solution... by Anonymous Coward · · Score: 0

      In short, a tax on the stupid.

      I've seen more viruses / spyware / rootkits / trojans than I'd care to recall. The most recent rendition simply required the windows explorer to restart for a virtually undetectable rootkit to be installed. There wasn't a single security product which would identify it, let alone remove it. I knew about the rootkit because the restart of the Windows explorer was an alarm bell. How many people running Windows would have spotted the explorer restart and how many of them would have other applications which also cause Windows explorer to 'restart' and so it would have slipped under the radar?

      2 years ago, you would have to be inexperienced / stupid / negligent for a bot to pwn ur pooter. Today, you just have to run Windows. There isn't a cure for the latest malicious software, and while Microsoft enlist the assistance of the FBI to try to address the near total penetration of Windows systems with spyware / botnets / malware / rootkits, the pwners of the networks are about 20 steps ahead of them.

      Windows just isn't secure, and can't be secured. Who should take responsibility for putting an insecure machine in the hands of inexperienced users in every household and at every desk in the world? Every single person who uses computers?

      The solution isn't to fine the 'stupid', software requires a warranty that is fit for purpose. If Microsoft intends for your Windows computer to be able to process credit card transactions, then Microsoft has a responsibility for the operating environment to be secure enough to process credit card transactions. Otherwise your purchased goods are not fit for purpose.

    6. Re:A far more effective solution... by Anonymous Coward · · Score: 0

      I know a ton of people who are not stupid, but are definitely not terribly computer literate, i.e. they know how to use software for their jobs and figure out a video game, but couldn't tell you the difference between a cross-site scripting attack and a trojan, virus, whatever else. Do you really think it's reasonable to make the majority of the populace responsible for poor software design whether that's a poor user interface explaining what is happening, insecure by design, the supposed security software they were recommended slows their machine to a crawl, or insecure coding practices? Your idea would really either eliminate personal computing or more likely create a very large market for walled garden devices like the iPad, but for laptops. Right now you have the choice, also I don't like malware any more than the next guy but 1) It's not going to end the world anytime soon, we've put up with it this long and we'll continue to and 2) It's good training for industry for when it actually needs to produce a secure product, that is, there is a very good test process for security: connect it to the 'net.

    7. Re:A far more effective solution... by Anonymous Coward · · Score: 0

      Dude, why don't you make the corporations that leak data responsible first? Sony lost 77M credit cards recently? Come on! That is much more important than going after mom and pops (and no, I will not call them stupid).

    8. Re:A far more effective solution... by Anonymous Coward · · Score: 0

      And when the next JPEG rendering 0-day comes around? The next PDF or flash exploit?

    9. Re:A far more effective solution... by Daniel+Phillips · · Score: 1

      So if someone breaks into your back yard, scoops up the water from your pool, transports it to a freezer then drops the resulting ice on people from rooftops, you are morally responsible for their deaths?

      Probably not, but your scenario is ridiculous. In the far more likely case that a child wanders into your yard because you left the gate open and drowns in your pool, chances are you will pay for that the rest of your life.

      It does not seem a stretch at all to extend such mandatory responsibility to computers, which may not cause death but are capable of causing a great deal of damage.

      --
      Have you got your LWN subscription yet?
    10. Re:A far more effective solution... by Daniel+Phillips · · Score: 1

      C'mon, this is Slashdot. You left your garage unlocked, somebody stole your car and ran down some pedestrians.

      C'mon you are an idiot, and you obviously don't own a pool.

      --
      Have you got your LWN subscription yet?
    11. Re:A far more effective solution... by Daniel+Phillips · · Score: 1

      The solution isn't to fine the 'stupid', software requires a warranty that is fit for purpose.

      And if that doesn't happen, which it won't, then fining people for operating a computer that becomes part of a botnet is the next best thing. Fines don't even have to be large. Just enough to make people realize that running insecure software or buying a computer with the wrong operating system on it may cause harm to others.

      --
      Have you got your LWN subscription yet?
    12. Re:A far more effective solution... by Anonymous Coward · · Score: 0

      In short, a tax on the stupid.

      Yeah right, like there's no 0day exploits and a patched PC with up to date antivirus/antispyware is never infected.
      I'd like for people to be responsible (not only for) their PCs but you either use something like warnings (1.warning: you are infected. 2nd. warning: you are infected, do something or else ... 3rd.warning. your internet connection will stop 30.4.2011 and won't be restored until machine cleaned by certified pc repair shop ) and that would take time. Or you fire a fine and you would have a lot of angry users at your throat.

    13. Re:A far more effective solution... by nanospook · · Score: 1

      Yeah let's have more fines and gov't regulation and more commissions and spend more money on enforcing the rules.. so on so on.. think twice before you ask for this one!

      --
      Have you fscked your local propeller head today?
    14. Re:A far more effective solution... by Anonymous Coward · · Score: 0

      Primitive solutions yield primitive results. Punishment, fines and jail time are always the first thing some politico types reach for when they see a problem. "Hang 'em high" approaches may be valid for egregious, deliberate and malicious crimes, but such punishments are fraught with expensive, lengthy and uncertain legal processes and are notoriously poor at deterrence. Incentives are far more effective in directing human behavior.

      Ever driven five miles to redeem a $1 coupon? Would you have done the same thing to avoid a $1 penalty?

  17. Re:a better fix by plover · · Score: 1

    . Sure, they won't get hurt, but they'll probably never even figure out how to start it.

    That's pretty much the whole freakin' point. These are people too stupid to own computers.

    --
    John
  18. "Identifiable Victims" by Anonymous Coward · · Score: 0

    ""While the proposed preliminary injunction is in effect, the Government also expects to uninstall Coreflood from the computers of Identifiable Victims who provide written consent," said the DOJ in the memo."

    Is it just me, or are other people creeped out by the way "Identifiable Victims" is capitalized in the press release?

    1. Re:"Identifiable Victims" by Anonymous Coward · · Score: 0

      Probably just you, it's legal style in some places to use a proper noun when using something you had to set forth in the order, which they probably did.

  19. combofix... by Anonymous Coward · · Score: 0

    wonder if combofix would take care of the infection... it's been good at removing other root kits in the past

  20. So who is footing the bill here? by h4rr4r · · Score: 0

    I sure hope the PC owner or Microsoft are paying for this. I see no reason why Mac users and Linux users should pay for this fix. If we have to pay as well we might as well suggest that uninstall be done by installing a better OS.

    1. Re:So who is footing the bill here? by Anonymous Coward · · Score: 0

      It's paid by the citizens of USA, enjoy!

    2. Re:So who is footing the bill here? by Anonymous Coward · · Score: 0

      oh don't let the government touch the hard earned allowance you got for trimming the hedges and cleaning the basement? you shouldn't really get any money for cleaning the basement, fwiw, you live there, and you should clean it yourself so that you don't live like a pig.

      GLAD TO HELP.

    3. Re:So who is footing the bill here? by catmistake · · Score: 1

      Agreed. Clearly, the creator and seller of this inferior operating system should be forced to recall the product— and forced to fix it.

  21. Re:a better fix by somersault · · Score: 1

    OpenOffice? TuxRacer? This analogy is feeling a little laboured.

    --
    which is totally what she said
  22. WTF? by nurb432 · · Score: 0

    I don't care if i am infected, who gives the federal government the right to touch my PC? Sure, call my ISP and cut me off until i fix it, but stay the hell out of my property unless i am under a court sanctioned investigation.

    ( in reality i cant be infected with this windows-only issue, but the question still stands. who died and gave them god rights? )

    --
    ---- Booth was a patriot ----
    1. Re:WTF? by Anonymous Coward · · Score: 0

      Read the Fine Summary, they aren't doing this without consent.

    2. Re:WTF? by lasinge · · Score: 3, Informative

      FWIW, they are stating at this point that they will be asking for consent. Personally I don't like it, I would prefer to take care of it myself, but then again I (like most slashdotters) don't represent the majority of computer users. Someone has to take this seriously and deal with these botnets, and if the government is the only entity willing to step up and handle it, then that's who is supposed to do it. I'd prefer to see this in the public domain, but security is simply not valued in the public sector until something goes wrong.

      --
      you are in a twisty maze of different passages.
    3. Re:WTF? by nurb432 · · Score: 2

      Someone has to take this seriously and deal with these botnets,

      i totally agree, but it should be by cutting off access to infected computers and keep them off-line until they are 'clean'. ISP's can detect 'bad things' and do this automatically.

      --
      ---- Booth was a patriot ----
    4. Re:WTF? by lasinge · · Score: 1

      Yes the ISP's handling this would be far preferable and no doubt less cost intensive than the federal government stepping in. Do the ISP's do this as a matter of course? If so then I do smell the low-tide-smell of the slippery slope. The federal government asking for access to your computer is a sign that things are broken and need to be fixed, and if there were a buck to turn here it would have happened already (it happens but it seems like a drop in the bucket to me) so the only recourse is the government who is supposed to be acting in our collective interest and is doing "what is good for us" TM

      Any time I jump up and down about security at a gig I get a mostly tepid response, and in opening a business account at my bank recently I was shocked that only alphanumerics were allowed as password characters, no symbols. I ended up using all of the available characters to prove a point and the bank staffer was shocked as she had never "seen such a large password". I guess if you can't see it or feel it, the threat doesn't exist, or gets blown out of proportion to the nth degree in a sodium iodide sort of way.

      --
      you are in a twisty maze of different passages.
    5. Re:WTF? by Aeternitas827 · · Score: 1

      Ok, so we let ISPs have carte blanche on detecting and stopping 'bad things' until said 'bad things' are gone. Who classifies these 'bad things'? What guidelines are used to determine these 'bad things' are happening? How granular should these guidelines be? Who sets those guidelines?

      To take a hypothetical example, let's say a botnet crops up that operates on port 43187. Let's also say my torrent client, used only to download the latest Ubuntu image also happens to use 43187. Is the fact that my modem is taking traffic on that port enough to cut me off? How do I prove to my ISP that my system isn't being used for nefarious purposes? Do I have to have them send out a guy to watch me reinstall my OS from an OEM disc AND install the latest and greatest in anti-virus software?

      Let's extend a bit further...let's say my ISP sets usage caps, and participates in this sort of scheme. Are updates to the AV software going to be excluded? Do they have the capability TO exclude traffic destined for my AV software's update servers? I mean, if I don't keep up to date, I might get infected and have to do the whole dog-and-pony show anyhow. But if I go over my cap, I might get an over-glorified dial-up class connection. Decisions....

      Where does it stop?

      --
      I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
  23. uninstall command... by roc97007 · · Score: 1, Insightful

    > 'While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers [...]

    I'd say go for it. I mean how is this any different from Windows Update?

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    1. Re:uninstall command... by Anonymous Coward · · Score: 0

      Seriously... they're already "damaged" anyway.

    2. Re:uninstall command... by Anonymous Coward · · Score: 0

      I'd say go for it. I mean how is this any different from Windows Update?

      It's not Microsoft doing the updating?

    3. Re:uninstall command... by roc97007 · · Score: 1

      Well, yes, but besides that. What I meant was, although it doesn't happen as much anymore, it used to be fairly common for a windows update to cause issues that you would need to repair, often by hand. Or even brick your computer. It certainly kept me busy the earlier part of this century. That an update has some danger of causing problems on a large number of machines has (apparently) not stopped Microsoft from releasing them, why would the FBI care? Especially, as someone has noted, on machines that are already damaged?

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  24. Funny How Microsoft... by Nom+du+Keyboard · · Score: 0

    Funny how Microsoft's Malicious Software Removal Tool isn't nearly so polite about asking permission first.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  25. Creepy by Iamthecheese · · Score: 0

    I applaud what they're doing and can even see this as appropriate. That said... Am I the only one getting the jitters at the thought of millions of people downloading and running a program from a department of the US government?

    --
    If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
    1. Re:Creepy by TaoPhoenix · · Score: 1

      I have free tickets for you to ski on the slippery slope.

      --
      My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
    2. Re:Creepy by Osgeld · · Score: 1

      no there are at least a dozen posts above yours saying the exact same thing

      if I didn't use my last mod points on one of those threads you would get a redundant

    3. Re:Creepy by Stormthirst · · Score: 2

      Why is it that Americans are so paranoid about their government's motives? No other country in the first world has this level of paranoia about their government.

    4. Re:Creepy by Anonymous Coward · · Score: 1

      History class, two doors down on the right.

    5. Re:Creepy by mr100percent · · Score: 1

      ...and by posting (I assume with the same account) you've undone all the moderation

  26. Is this by SnarfQuest · · Score: 2

    Is this like those messages emailed from Microsoft about virus detected on my system? Those things never seemed to make my machine run better. You'd think Microsoft would test their fixes better... ;=)

    --
    Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
  27. Re:a better fix by DarwinSurvivor · · Score: 1

    I'd say the REALLY hard part is walking next to it while being shot at because your "buddy" got the long straw.

  28. Re:a better fix by ae1294 · · Score: 1

    The hard part is driving it while you're being shot at.

    You must not have driven in any major U.S. city in awhile...

  29. Re:a better fix by Jaysyn · · Score: 1

    Not until I get onto I-10.

    --
    There is a war going on for your mind.
  30. Take away their network connection by QuesarVII · · Score: 2

    They shouldn't be helping to uninstall it for people. They should be getting their internet connections shut off to teach them a damn lesson about computer security.

  31. Why do they need consent? by jeffeb3 · · Score: 2

    My common sense would say that if the user already gave up control of their PC to the botnet, why should they have any say in keeping the feds from removing the bot? The reason the feds are interested is (I'm assuming) because the botnet caused harm to others. Just remove the bot, if there are consequences, and they know what they are, then it's their own fault.

    But, the federal government is held to a higher standard aren't they?

    1. Re:Why do they need consent? by Anonymous Coward · · Score: 0

      Yeah, why should the federal government be held to a higher standard than criminals?

    2. Re:Why do they need consent? by mr100percent · · Score: 1

      I wonder if we could use a car analogy here. If your car rolled into the street unattended, could the police tow it or would they be liable for damages from towing it?

  32. Re:a better fix by avgjoe62 · · Score: 1

    You've obviously never driven in Los Angeles. Being able to drive a car while being shot at is part of the driver's license test.

    --

    How come Slashdot never gets Slashdotted?

  33. Bummed by Strykar · · Score: 1

    An unjust law is itself a species of violence. Arrest for its breach is more so. -MKG

  34. Disconnect from internet? by aralin · · Score: 4, Interesting

    Why cannot they just ask the ISP to disconnect infected computers from the network? It should be the responsibility of each owner to connect with an uninfected computer. The company responsible for this whole mess - Microsoft - will likely not be held accountable, but the users should. And when the OS they use starts to be a liability in their lives, then maybe they will choose based on that as well.

    YACA: If someone installed randomly firing machine guns in the trunk of your car, I doubt the FBI response would be a letter asking you if they could please uninstall those for you.

    --
    If programs would be read like poetry, most programmers would be Vogons.
    1. Re:Disconnect from internet? by Anonymous Coward · · Score: 0

      The company responsible for this whole mess - Microsoft - will likely not be held accountable

      how about this

      The company responsible for this whole mess - Pella - will likely not be held accountable for the brick put thru my front window they should have known how to fix that.

      You are blaming MS for what others do. Put the blame on the right people. The people who write the damn viri.

    2. Re:Disconnect from internet? by Anonymous Coward · · Score: 0

      You're an idiot. What if a botnet used a flaw in the Linux kernel? Should every distro maker out there be sued for damages? God damn you anti-Microsoft lunatics are so dumb sometimes.

      The responsible party here is the hacker, dumbfuck. Not MS or anyone else.

    3. Re:Disconnect from internet? by Anonymous Coward · · Score: 0

      That depends -- if there were 2 million cars with randomly firing machineguns in the trunk, they might just try asking please by letter first.

      (If that much. Hell hath no fury like a NRA postcard campaign.)

    4. Re:Disconnect from internet? by jwa999 · · Score: 1

      Grandma is responsible for her windows computer being infected? Please!
      If a hacker can reach a computer to infect it, then if an antidote can be created to remove those infections, have at it!
      That has been my thinking since the dawn of botnets. The concept that it would be somehow illegal to attempt to wipe out an infection is as dumb as allowing smallpox to stay around. Any user that allowed his PC to be infected has made his PC become a threat to the infrastructure of the internet. Just like you quarantine people with dangerous diseases, you quarantine and cure PCs connected to the internet. You don't like? Don't participate!

    5. Re:Disconnect from internet? by Bob9113 · · Score: 1

      > Why cannot they just ask the ISP to disconnect infected computers from the network?

      Maybe a good idea, maybe not. One risk: If they did this and people did not scream bloody murder, it would be a matter of days until the DoJ started shutting down people suspected of copyright infringement.

      Helping people do the pro-social thing, good. Fining them for anti-social behavior (like we do with copyright), good(*). Disconnecting them from the Internet is less obviously good. The Internet is like public sewer systems -- the more people that have access to it, the more our whole society benefits.

      Ubiquitous Internet access has significant positive externalities. Giving the government the authority to infringe that access -- even for such an obviously pro-social reason -- is fraught with peril.

      * the copyright infringement fines are good to the extent that copyright is good, of course, which may be highly debatable in its current incarnation

    6. Re:Disconnect from internet? by nanospook · · Score: 1

      So what happens if you DON'T have it? You run Linux ok great! One day your internet connection is down and you can't work. Why? Your IP was reported sending botnet. NO way, I CAN'T have it! Sorry Sir, you will have to contact the FBI to resolve this. The process you must follow takes about 2-4 weeks. If you are not infected, your connection will be restored. Thank you.. But but my business will suffer? Sorry Sir, there's nothing I can do. This wouldn't happen if you didn't have the botnet. *CLICK* These simple solutions.. you miss the point that a federal agency (a big one) is gonna be big brother and once you let that boy in the door, he ain't leaving..

      --
      Have you fscked your local propeller head today?
    7. Re:Disconnect from internet? by varmittang · · Score: 1

      Question, does that mean a content infringer can be found by their IP Address? Because that is the holy grail of defenses for everyone here at Slashdot when someone is being sued by the RIAA/MPAA using their IP Address.

      That aside, I think the same thing, give a listing of IPs to each ISP for those computers that are infected and have the ISP reach out to their users and not have it be the FBI.

      --
      -----BEGIN PGP SIGNATURE-----
      12345
      -----END PGP SIGNATURE-----
    8. Re:Disconnect from internet? by Anonymous Coward · · Score: 0

      "Please give the FBI complete access to your computer, citizen. Of course we will not ourselves install anything which would be useful to have running on a million distributed computers without the owners' knowledge. No, not at all. Don't read the fine print."

  35. Re:a better fix by CrimsonAvenger · · Score: 1

    Oh come on - tanks are driven by people who have volunteered to get shot at. How hard can it be? Certainly no harder to drive than the old 1970's caterpillar D-6C (a bulldozer for those not in the know) and actually much easier. I've seen them with handlebars and a throttle just like a motorcycle. Add a brake pedal for each side and an automatic transmission and you're set.

    Ever notice how a lot of people who know nothing about a subject think it must be easy?

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"
  36. Cooperate America strikes again by devent · · Score: 1

    Now the DOJ and the FBI do the job to secure Windows. Must really suck to live in a country where the government is run for cooperations paid by tax money. (If anyone wonder, it's the job of Microsoft to secure their system not the DOJ or the FBI to do that for them).

    "FBI field offices would be notifying affected people, companies and organizations."

    yeah, that's why you have the FBI. Not to hunt for criminals like murderers, rapists or organized crime, but to go to people and companies and secure their computers.

    --
    http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
    1. Re:Cooperate America strikes again by DCFusor · · Score: 1

      It's at least some benefit out of all that fear induced money they got rolled up into homeland security, rather than some other use of it.

      --
      Why guess when you can know? Measure!
    2. Re:Cooperate America strikes again by Solensean · · Score: 1

      Corporation, corporate America. Not *cooperate*.

  37. If this is a joke, by ronmon · · Score: 1

    it's not funny. If it isn't a joke it is insanely stupid.

  38. A big fraction of them are probably government by DCFusor · · Score: 1

    Machines, so it shouldn't be too hard to get permission. Who else has so many clueless users with great connections to the net all concentrated in one set of outfits?

    --
    Why guess when you can know? Measure!
  39. Options by Livius · · Score: 1

    "In fact, the only method certain to work."

    That and nuking the site from orbit. It's the only way to be sure.

    1. Re:Options by mysidia · · Score: 1

      That and nuking the site from orbit. It's the only way to be sure.

      You're right.

      Clarification: With limited information about the physical whereabouts of the machine: the only method relatively certain to work without many lost innocent lives or massive amounts of destruction of physical property.

    2. Re:Options by tehcyder · · Score: 1

      That and nuking the site from orbit. It's the only way to be sure.

      You're right.

      Clarification: With limited information about the physical whereabouts of the machine: the only method relatively certain to work without many lost innocent lives or massive amounts of destruction of physical property.

      I think the problem is serious enough to warrant the termination of all life on the planet. It was a nice experiment, but you'll have to do better next time. Nice knowing you. Mwah hah hah hah!

      >> pushes big red "do not push this button" button.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
  40. A legal backdoor to gov't monitoring by hessian · · Score: 1

    I am far from paranoid of government, but if you give government a privilege, they will expand its role.

    Today, removing Coreflood. Tomorrow? Other dangerous software, like BitTorrent or DC++

    It's not paranoid to suggest that if you give a strong central authority a delegated power, they will expand their use of it to justify their salaries/funding.

  41. Re:a better fix by shentino · · Score: 1

    Don't diss our troops man.

  42. Fail Fail Fail by Anonymous Coward · · Score: 0

    Regardless if a bot exists on computers or not, this is an excuse to point fingers everywhere. I say add the FBI's ip netblock to your iptables and be done with the shit, the only terror these days seems to come from the fascist government which has replaced our constitutional republic. from stuxnet to coreflood, it's false flag again and again, block your frame, iframe and xframe and be done with 90% of these fucking worms

  43. United States of AVG by Anonymous Coward · · Score: 0

    Yay! Now the government is nationalizing anti-virus software

  44. Yeah! by Anonymous Coward · · Score: 0

    Is this part of that Skynet initiative thingy?

  45. "Remove", not "uninstall" by Anonymous Coward · · Score: 0

    "Uninstall" doesn't make any sense as a verb. "Un-" means "not", so the FBI are going to not-install Coreflood?

    What happened to proper verbs such as "remove"?

    1. Re:"Remove", not "uninstall" by Solensean · · Score: 1

      Windows. Windows happened.

    2. Re:"Remove", not "uninstall" by Co0Ps · · Score: 1

      You're confusing prefixing with verbs and adjectives... "install" is a verb so "uninstall" means to "reverse installation"... just like undo means "reverse what was done". On adjectives the prefix means "not" though.... like "unauthorized" and "ungrateful". And I'm not even a native English speaker.

      Uninstall is a much better word than "remove" in this context. Remove implies simply deleting files while the process of uninstalling is often much more complex and refers to restoring the state that the computer had before the software was installed. This could involve patching and other activity different than "removing".

  46. Re:a better fix by Dunbal · · Score: 1

    Your troops, not my troops. Costa Rica does not have an army, so I don't "have" any troops.

    --
    Seven puppies were harmed during the making of this post.
  47. Re:a better fix by Dunbal · · Score: 1

    I've actually driven a tank - a british Challenger 1. How many tanks have you driven?

    --
    Seven puppies were harmed during the making of this post.
  48. The "secret" uninstall command by Lost+Penguin · · Score: 1

    deltree c:\windows

    --
    I am the unwilling control for my Origin.
  49. a total solution to infected Windows PCs by doperative · · Score: 1

    Ubuntu is a fast, secure and easy-to-use operating system used by millions of people around the world.

    1. Re:a total solution to infected Windows PCs by nanospook · · Score: 1

      yeah, but face it, it's not ready for prime time. I use it. But even though I'm using the latest and I'm relatively savvy in it, I run into situations where I have to STOP and go RESEARCH stupid stuff all the time when I have other tasks to get done. For example hooking up a second monitor and I did something to the control panel and couldn't get my display back. Then I couldn't uninstall the video driver. or if I did, my system started rebooting over and over and over (sound familiar?) Eventually after spending hours reading google and following other resolutions that people posted, I decided a complete reinstall was the quickest way. I like it however.. The point is that the Joe Smoe Or Mary Jane who doesn't really do much on their computer except email and browse plus maybe a photo program isn't going to have much patience or interest with it. Windows is freaking easy for them. It's easy for us techie types to look down our nose and condemn this, but that same individual might have many other talents that make you look stupid too.

      --
      Have you fscked your local propeller head today?
  50. That's pretty logical actually by Anonymous Coward · · Score: 0

    As to your proposal here:

    "Or don't uninstall Windows but make computer owners legally responsible for their computers in the same way they are legally responsible for a swimming pool. The resulting fines would either stop botnets entirely or eliminate the national deficit. In short, a tax on the stupid." - by Daniel Phillips (238627) on Wednesday April 27, @07:25PM (#35958594)

    Admittedly though, it'd be a HELL OF A SHOCK to find out that say, your own system had been infested thus (doubt it with MOST folks on this website though, as I personally consider many here to be pretty "proficient" computing-wise)...

    I think the feds will have some "hassles" here, because nobody seems to trust them/their motives as of late @ least (can't really blame them in some cases, due to the "homeland security" thing being used allegedly on our own peoples/citizenry seemingly more than REAL "terrorista" etc./et al).

    I do think they mean well, & it's RIGHT they're doing something of THIS NATURE vs. CoreFlood though!

    (Hell, even a former "co-worker/colleague" of mine from/for SunBelt software (mid-to-late-90's) in Dr. Mark Russinovich (now @ MS) has had his work implicated (rather, used) by this botnet to wreak added havoc too).

    APK

    P.S.=> I have been meaning to ask YOU, of all people here, a question for months now - Did you go to LeMoyne College? Reason being is, I had a partner in my early CIS coursework there for a presentation on Computer Security, & his name was the same as yours... are you he?? Just curious, & if so??? Heh - things SURE have come a long ways haven't they, since 1984, when we presented that & got that A+ grade with a conclusion I remember delivering of "What one man can lock & secure, another man can unlock & unsecure..."

    ... apk

  51. I would bet they don't "need" permission by mbessey · · Score: 1

    It's just a CYA move for them. I believe they have the authority to just go ahead and do it, but they reasonably fear lawsuits. If someone gives permission, with the appropriate disclaimer, they're safe from the consequences.

    It's not just that they will inevitably disable some number of the infected PCs by accident due to unexpected interactions with other software on the systems, either. Just the fact that they "accessed my computer without permission" would motivate some number of lawsuits, as well as the fact that out of a few million targets, some non-trivial number of them will happen to have hardware failure right after being "disinfected", which the users will then blame them for.

  52. linux is safer by peawormsworth · · Score: 1

    I hope the solution the government provides is to remove the old, weak and largely unprotected operating system and replace it with a free modern operating system that can be automatically installed and upgraded for free. Like some linux variant.

    Because it is my opinion that the number one reason we have so many infections is that the user cannot afford to upgrade to the fix and/or cannot afford the commercial product to detect and repair the issue on the existing architecture. With free operating systems and software, the user is free to keep their system up to date with the most advanced and therefore most resilient code.

    I believe we would have far less issues with botnets if the latest operating system, applications, virus detection and removal products were all freely available. As users would never delay upgrading to the latest editions due to cost.

    Alternatively, a solution would be to give each one of these users a new copy of Win7 and updated versions of all their applications for Win7. But this seems far less likely.

  53. You're not one to talk. You do it yourself. by Anonymous Coward · · Score: 0

    tomhudson, gmhowell, and yourself admittedly troll and mod others' posts down here all the time webmistressrachel. You're clearly not one to talk here.

    1. Re:You're not one to talk. You do it yourself. by webmistressrachel · · Score: 1

      Actually, despite being a trolling b**ch at times, I do not abuse the mod system in the way outlined in my GP post, and I often post perfectly sensible, constructive posts which contribute positively to the discussion at hand.

      Also, the fact that gmhowell, tomhudson and myself are mentioned here tells me that you're probably the person who modded me down. Thanks AC. Why not sign up for an account here, and be accountable for your actions, like myself and others? Or are you under some sort of perma-ban for abusing the system?

      --
      This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  54. Re:a better fix by CrimsonAvenger · · Score: 1

    I've actually driven a tank - a british Challenger 1. How many tanks have you driven?

    M60. Plus an APC or two.

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"