Feds To Remotely Uninstall Bot From Some PCs
CWmike writes "Federal authorities will remotely uninstall the Coreflood botnet Trojan from some infected Windows PCs over the next four weeks. Coreflood will be removed from infected computers only when the owners have been identified by the DOJ and they have submitted an authorization form to the FBI. The DOJ's plan to uninstall Coreflood is the latest step in a coordinated campaign to cripple the botnet, which controls more than 2 million compromised computers. The remote wipe move will require consent, and the action does come with warnings from the court that provided the injunction against the botnet, however. 'While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers,' the authorization form reads. FBI Special Agent Briana Neumiller said, 'The process does not affect any user files on an infected computer, nor does it ... access any data on the infected computer.' The DOJ and FBI did not say how many machines they have identified as candidates for the uninstall strategy, but told the judge that FBI field offices would be notifying affected people, companies and organizations."
If it damages my system I'll just re-install from a back-up image I made. Oh wait...
Seven puppies were harmed during the making of this post.
They're going to send an email, right? "Click this link to authorize the FBI to remove an infection from your computer"?
As always, all IMO. Insert "I think" everywhere grammatically possible.
I'd like to see what companies are on the list. Specifically what IT companies. Even more specifically, if any network hardware providers made the list. Always fun to see which companies selling the products that we in the field buy, and put some measure of faith in to protect our networks, actually know networking. The same can be said for some software IT companies for end-users. I would be a bit more wary about considering a company's software protection product if they'd been compromised by one of the world's biggest botnets for X number of years and needed the FBI to call them up and tell them about it.
"I hope you know how very lucky you are to know me, because I am so incredibly incredible."
It would be better to report the issue to the user and provide links to well known antivirus companies. This way the user would be able to trust that the Feds aren't installing anything on their box while they may or may not remove what they tell the user... ;-)
The lyf so short, the craft so long to lerne
Giving Linux to someone who can't even use Windows properly is like replacing their car with a tank because they got into too many accidents. Sure, they won't get hurt, but they'll probably never even figure out how to start it.
Consent?? Does that mean the users infected with the botnet will get "Warning: your computer is infected, click here to remove the viruses you didn't know you had from your computer"? On one hand, it's probably targeted at people who were gullible enough to fall for it once to get the botnet in the first place, but teaching them that it is actually possible for a legitimate goal to do it means they will be infected again in a week.
Oh come on - tanks are driven by people who have volunteered to get shot at. How hard can it be? Certainly no harder to drive than the old 1970s Caterpillar D-6C (a bulldozer, for those not in the know) and actually much easier. I've seen them with handlebars and a throttle just like a motorcycle. Add a brake pedal for each side and an automatic transmission and you're set.
You know the first thing they're going to push is the big red button marked "Fire".
If I have been able to see further than others, it is because I bought a pair of binoculars.
Since most of the machines, I'm guessing, are running a Microsoft product, maybe they should be the ones carrying this out on infected machines. Let's face it, they are probably better situated to see this through. The feds should go back to being the agents of the RIAA and MPAA and leave the computer work to the professionals.
No matter how good it is, it is human nature to always want to make things better.
The hard part is driving it while you're being shot at.
> You know the first thing they're going to push is the big red button marked "Fire".
The tank driver can't reach that button. It's for the back seat driver.
Atlas stands on the earth and carries the celestial sphere on his shoulders.
Any notifications yet from the FBI about the botnet and my computer? Has anyone else gotten any?
Also, do I need to disable SELinux before they uninstall the bot on my computer? Or can they do it from a regular user account with limited sudo?
Good people go to bed earlier.
Uninstall Windows.
Have you got your LWN subscription yet?
> Sure, they won't get hurt, but they'll probably never even figure out how to start it.
That's pretty much the whole freakin' point. These are people too stupid to own computers.
John
Well, at least somebody is making an effort to stop all the fucking spam. Slippery slopes are nice and all, but that kind of thing can already be done legally via the courts, the PATRIOT Act, etc. At least what they are doing here is beneficial to the world.
which is totally what she said
OpenOffice? TuxRacer? This analogy is feeling a little laboured.
> 'While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers [...]
I'd say go for it. I mean how is this any different from Windows Update?
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Uh.. if they wanted to do that, they could do. What exactly do you think they'd find so interesting about the average person's web browsing habits? Do they perhaps need credit card details for extra funding? I don't think so.
Is this like those messages emailed from Microsoft about a virus detected on my system? Those things never seemed to make my machine run better. You'd think Microsoft would test their fixes better... ;=)
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
The government is doing this at the taxpayer's expense because the taxpayer voted in a government that likes the rich having the money and you not. Vote into power someone who doesn't give a damn about the rich next time. Of course, that requires finding one - and then finding one willing to run for office. In general, those with the best ethics are the least-suited to politics and the ones best-suited to politics are the ones with no ethics.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
FWIW, they are stating at this point that they will be asking for consent. Personally I don't like it, I would prefer to take care of it myself, but then again I (like most slashdotters) don't represent the majority of computer users. Someone has to take this seriously and deal with these botnets, and if the government is the only entity willing to step up and handle it, then that's who is supposed to do it. I'd prefer to see this in the public domain, but security is simply not valued in the public sector until something goes wrong.
you are in a twisty maze of different passages.
Stop and think. If they've already scanned these machines, any keylogger will already be installed. Besides, there's a Firefox extension for jamming keyloggers.
Besides, what would they need a keylogger for? We already know (because the Australian Government has said so) that Echelon is real and does exist. The total lack of use of cryptography means that there's nothing you can type that they can't read already.
I have free tickets for you to ski on the slippery slope.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
I'd say the REALLY hard part is walking next to it while being shot at because your "buddy" got the long straw.
> The hard part is driving it while you're being shot at.
You must not have driven in any major U.S. city in a while...
No, there are at least a dozen posts above yours saying the exact same thing.
If I hadn't used my last mod points on one of those threads you would get a Redundant.
Not until I get onto I-10.
There is a war going on for your mind.
They shouldn't be helping to uninstall it for people. They should be getting their internet connections shut off to teach them a damn lesson about computer security.
But the federal government is held to a higher standard, aren't they?
You've obviously never driven in Los Angeles. Being able to drive a car while being shot at is part of the driver's license test.
How come Slashdot never gets Slashdotted?
Agreed. Clearly, the creator and seller of this inferior operating system should be forced to recall the product— and forced to fix it.
The Admin and the Engineer
Why is it that Americans are so paranoid about their government's motives? No other country in the first world has this level of paranoia about their government.
An unjust law is itself a species of violence. Arrest for its breach is more so. -MKG
Why can't they just ask the ISPs to disconnect infected computers from the network? It should be the responsibility of each owner to connect with an uninfected computer. The company responsible for this whole mess - Microsoft - will likely not be held accountable, but the users should be. And when the OS they use starts to be a liability in their lives, then maybe they will choose based on that as well.
YACA: If someone installed randomly firing machine guns in the trunk of your car, I doubt FBI response would be a letter asking you if they could please uninstall those for you.
If programs would be read like poetry, most programmers would be Vogons.
Whoa... hold it there. If you start that precedent about OS vendors being charged for security issues... that would put open source companies, incl. Red Hat, in quite a pickle.
No platform can claim to be completely free of security issues. And any platform that reaches critical mass is going to have infected/compromised systems doing naughty things (like SSH brute force attacks en masse).
The number of non-Windows botnet nodes is far from zero.
Ever notice how a lot of people who know nothing about a subject think it must be easy?
"I do not agree with what you say, but I will defend to the death your right to say it"
Now the DOJ and the FBI do the job of securing Windows. Must really suck to live in a country where the government is run for corporations, paid by tax money. (If anyone wonders, it's Microsoft's job to secure their system, not the DOJ's or the FBI's to do it for them.)
"FBI field offices would be notifying affected people, companies and organizations."
Yeah, that's why you have the FBI. Not to hunt for criminals like murderers, rapists or organized crime, but to go to people and companies and secure their computers.
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
> Someone has to take this seriously and deal with these botnets,

I totally agree, but it should be by cutting off access to infected computers and keeping them offline until they are 'clean'. ISPs can detect 'bad things' and do this automatically.
---- Booth was a patriot ----
History class, two doors down on the right.
It's not funny. If it isn't a joke it is insanely stupid.
The OS is broken? Explain. And while you're at it, name one piece of software or OS that was 100% bug free when released. Your auto manufacturing example would be more like someone using a crowbar to smash your car window in order to steal it. Should the auto industry build in armored windows to prevent this action? I am sure they could, but the price of the auto would go up. On the chance someone could develop a bug-free OS, how long do you think that would take? Both Apple and Microsoft have been working 20+ years to achieve that goal and it doesn't look like they are getting any closer.
Machines, so it shouldn't be too hard to get permission. Who else has so many clueless users with great connections to the net all concentrated in one set of outfits?
Why guess when you can know? Measure!
Yes, the ISPs handling this would be far preferable and no doubt less cost intensive than the federal government stepping in. Do the ISPs do this as a matter of course? If so then I do smell the low-tide smell of the slippery slope. The federal government asking for access to your computer is a sign that things are broken and need to be fixed, and if there were a buck to turn here it would have happened already (it happens, but it seems like a drop in the bucket to me), so the only recourse is the government, who is supposed to be acting in our collective interest and is doing "what is good for us" TM.
Any time I jump up and down about security at a gig I get a mostly tepid response, and in opening a business account at my bank recently I was shocked that only alphanumerics were allowed as password characters, no symbols. I ended up using all of the available characters to prove a point and the bank staffer was shocked as she had never "seen such a large password" I guess if you can't see it or feel it, the threat doesn't exist, or gets blown out of proportion to the nth degree in a sodium iodide sort of way.
"In fact, the only method certain to work."
That and nuking the site from orbit. It's the only way to be sure.
I am far from paranoid of government, but if you give government a privilege, they will expand its role.
Today, removing Coreflood. Tomorrow? Other dangerous software, like BitTorrent or DC++.
It's not paranoid to suggest that if you give a strong central authority a delegated power, they will expand their use of it to justify their salaries/funding.
Futurist Traditionalism
...and by posting (I assume with the same account) you've undone all the moderation.
Don't diss our troops man.
> If an auto manufacturer sold a vehicle that melted in the rain,
Then it might be made of sugar (and delicious) or salt (and good for margarita night or deer hunting).
I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
I have borderline ethics, think the idea of holding public office is novel (it might get me a Wikipedia entry!), and think CEOs and top-tier professional athletes are overpaid buffoons. I also carry a dagger in my shirtsleeve. Do I have your vote?
It's a Trojan. It ruins all the fun.
The above would also have been an acceptable response.
> And while you're at it, name one piece of software or OS that was 100% bug free when released.

How about this little bit of BASIC?
10 PRINT "HELLO WORLD"
20 GOTO 10
Does exactly what I want it to, every time.
Goddammit, forgot the line breaks. Imagine 'em.
You could, however, type out the alphabet (CAPS and lowers), numbers, symbols, and such into a word editor, and painstakingly copy/paste every letter of your usernames, passwords, and posts. When the keylogger turns up 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789`-=[]\;',./~!@#$%^&*()_+{}|:"?^C^V^C^V^C^V^C^V...', I imagine there would be some crying.
Also, you may be required to wear a tin-foil sombrero. Also, this is probably defeatable in any case.
OK, so we let ISPs have carte blanche on detecting and stopping 'bad things' until said 'bad things' are gone. Who classifies these 'bad things'? What guidelines are used to determine these 'bad things' are happening? How granular should these guidelines be? Who sets those guidelines?
To take a hypothetical example, let's say a botnet crops up that operates on port 43187. Let's also say my torrent client, used only to download the latest Ubuntu image, also happens to use 43187. Is the fact that my modem is taking traffic on that port enough to cut me off? How do I prove to my ISP that my system isn't being used for nefarious purposes? Do I have to have them send out a guy to watch me reinstall my OS from an OEM disc AND install the latest and greatest in anti-virus software?
Let's extend a bit further...let's say my ISP sets usage caps, and participates in this sort of scheme. Are updates to the AV software going to be excluded? Do they have the capability TO exclude traffic destined for my AV software's update servers? I mean, if I don't keep up to date, I might get infected and have to do the whole dog-and-pony show anyhow. But if I go over my cap, I might get an over-glorified dial-up class connection. Decisions....
Where does it stop?
#3 could be a bug...but really, the bug is in the eye of the beholder. What to you is a bug, is to me a feature!
#1 is already resolved, assuming Bugs 2-5 can be considered Enhancement Requests for v1.1 (or v1.0.1, or v2), and the program had the useful purpose of proving that software can exist, at release, without bugs (this would disqualify Bug #1 as a bug, but rather make it a user education issue for the target audience).
Your troops, not my troops. Costa Rica does not have an army, so I don't "have" any troops.
I've actually driven a tank - a British Challenger 1. How many tanks have you driven?
Windows. Windows happened.
You're confusing prefixing with verbs and adjectives... "install" is a verb so "uninstall" means to "reverse installation"... just like undo means "reverse what was done". On adjectives the prefix means "not" though.... like "unauthorized" and "ungrateful". And I'm not even a native English speaker.
Uninstall is a much better word than "remove" in this context. Remove implies simply deleting files, while the process of uninstalling is often much more complex and refers to restoring the state that the computer had before the software was installed. This could involve patching and other activity different from "removing".
deltree c:\windows
I am the unwilling control for my Origin.
Ubuntu is a fast, secure and easy-to-use operating system used by millions of people around the world.
The point is that you've already let stuff like that happen, yet you still complain about valid uses of power.
Believe it or not I have seen people screw up even a "Hello World" function.
Something must be working to stop the spam. My mail logs are showing that my daily spam is now ONLY 73% of all email passing through my server. This time last year it was hovering around 98%. I'm also seeing a slight reduction in bandwidth fees, but then blocking YouTube and Facebook probably had more of an impact...
I sometimes ponder blocking them just to increase my own productivity! I mean if employees really want to waste time on Facebook these days, they can do it from their phones anyway..
If America used the Alternative Voting System, you'd have half my vote.
It's just a CYA move for them. I believe they have the authority to just go ahead and do it, but they reasonably fear lawsuits. If someone gives permission, with the appropriate disclaimer, they're safe from the consequences.
It's not just that they will inevitably disable some number of the infected PCs by accident due to unexpected interactions with other software on the systems, either. Just the fact that they "accessed my computer without permission" would motivate some number of lawsuits, as well as the fact that out of a few million targets, some non-trivial number of them will happen to have hardware failure right after being "disinfected", which the users will then blame them for.
I hope the solution the government provides is to remove the old, weak and largely unprotected operating system and replace it with a free modern operating system that can be automatically installed and upgraded for free. Like some Linux variant.
Because it is my opinion that the number one reason we have so many infections is that the user cannot afford to upgrade to the fix and/or cannot afford the commercial product to detect and repair the issue on the existing architecture. With free operating systems and software, the user is free to keep their system up to date with the most advanced and therefore most resilient code.
I believe we would have far fewer issues with botnets if the latest operating system, applications, virus detection and removal products were all freely available, as users would never delay upgrading to the latest editions due to cost.
Alternatively, a solution would be to give each one of these users a new copy of Win7 and updated versions of all their applications for Win7. But this seems far less likely.
Actually, despite being a trolling b**ch at times, I do not abuse the mod system in the way outlined in my GP post, and I often post perfectly sensible, constructive posts which contribute positively to the discussion at hand.
Also, the fact that gmhowell, tomhudson and myself are mentioned here tells me that you're probably the person who modded me down. Thanks AC. Why not sign up for an account here, and be accountable for your actions, like myself and others? Or are you under some sort of perma-ban for abusing the system?
This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
M60. Plus an APC or two.