Slashdot Mirror


Feds To Remotely Uninstall Bot From Some PCs

CWmike writes "Federal authorities will remotely uninstall the Coreflood botnet Trojan from some infected Windows PCs over the next four weeks. Coreflood will be removed from infected computers only when the owners have been identified by the DOJ and they have submitted an authorization form to the FBI. The DOJ's plan to uninstall Coreflood is the latest step in a coordinated campaign to cripple the botnet, which controls more than 2 million compromised computers. The remote wipe move will require consent, and the action does come with warnings from the court that provided the injunction against the botnet, however. 'While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers,' the authorization form reads. FBI Special Agent Briana Neumiller said, 'The process does not affect any user files on an infected computer, nor does it ... access any data on the infected computer.' The DOJ and FBI did not say how many machines they have identified as candidates for their uninstall strategy, but told the judge that FBI field offices would be notifying affected people, companies and organizations."

4 of 211 comments

  1. Lemme guess how they're going to get consent... by jthill · Score: 5, Funny

    they're going to send an email, right? Click this link to authorize the FBI to remove an infection from your computer?

    --
    As always, all IMO. Insert "I think" everywhere grammatically possible.
    1. Re:Lemme guess how they're going to get consent... by Em Adespoton · Score: 5, Funny

      "The FBI has detected a botnet running on your computer. Due to federal privatization initiatives, botnet removal has been subcontracted to Botnet Blaster 2011. Click here to purchase Botnet Blaster 2011 and avoid having your house stormed by an FBI tactical team."

  2. Re:That's ok by hellkyng · Score: 5, Insightful

    The botnet owners can't take preventative action against the uninstall because they don't have valid Command and Control servers running. Since the FBI is controlling those at the moment, the individual bots are hanging in limbo doing nothing. If, however, the malware is actively looking for new C&C servers to be spun up to receive commands again, there is the potential that the FBI could lose control again. Hence why it is necessary to remove the infection while they maintain control, and it is only one step in their strategy to cripple the botnet.

  3. Re:A far more effective solution... by Daniel Phillips · Score: 5, Interesting

    Uninstall Windows.

    Or don't uninstall Windows but make computer owners legally responsible for their computers in the same way they are legally responsible for a swimming pool. The resulting fines would either stop botnets entirely or eliminate the national deficit. In short, a tax on the stupid.

    --
    Have you got your LWN subscription yet?