
Feds To Remotely Uninstall Bot From Some PCs

CWmike writes "Federal authorities will remotely uninstall the Coreflood botnet Trojan from some infected Windows PCs over the next four weeks. Coreflood will be removed from infected computers only when the owners have been identified by the DOJ and they have submitted an authorization form to the FBI. The DOJ's plan to uninstall Coreflood is the latest step in a coordinated campaign to cripple the botnet, which controls more than 2 million compromised computers. The remote wipe move will require consent, and the action does come with warnings from the court that provided the injunction against the botnet, however. 'While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers,' the authorization form reads. FBI Special Agent Briana Neumiller said, 'The process does not affect any user files on an infected computer, nor does it ... access any data on the infected computer.' The DOJ and FBI did not say how many machines they have identified as candidates for their uninstall strategy, but told the judge that FBI field offices would be notifying affected people, companies and organizations."
  • Re:That's ok (Score:5, Insightful)

    by hellkyng ( 1920978 ) on Wednesday April 27, 2011 @06:13PM (#35958088)

    The botnet owners can't take preventative action against the uninstall because they don't have valid Command and Control servers running. Since the FBI is controlling those at the moment, the individual bots are hanging in limbo doing nothing. If however the malware is actively looking for new C&C servers to be spun up to receive commands again, there is the potential that the FBI could lose control again. Hence why it is necessary to remove the infection while they maintain control, and only one step in their strategy to cripple the botnet.

  • by teknosapien ( 1012209 ) <teknosapien@gmail.com> on Wednesday April 27, 2011 @06:35PM (#35958256) Journal
    Since most of the machines, I'm guessing, are running a Microsoft product, maybe they should be the ones carrying this out on infected machines. Let's face it, they are probably better situated to see this through. The feds should go back to being the agents of the RIAA and MPAA and leave the computer work to the professionals.
  • by Daniel Phillips ( 238627 ) on Wednesday April 27, 2011 @06:40PM (#35958290)

    Uninstall Windows.

  • by roc97007 ( 608802 ) on Wednesday April 27, 2011 @06:53PM (#35958378) Journal

    > 'While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers [...]

    I'd say go for it. I mean how is this any different from Windows Update?

  • Re:That's ok (Score:2, Insightful)

    by PraiseBob ( 1923958 ) on Wednesday April 27, 2011 @07:29PM (#35958634)
    Remotely uninstalling malicious software from an unsuspecting person's machine is a dick move? If someone was passing out cupcakes and put one on your desk without asking, would you call that a dick move also?

    Fixing somebody's computer is a gift. Fixing their machine because it is attacking mine, is something I appreciate. If you don't trust a federal agency to have the authority to remove the virus, then whom do you trust? Rival hackers? Microsoft? They've done such a great job so far in containing the problem. The malware problem isn't going to go away by itself. People will not wake up one day and decide to update their machines.
  • by Anonymous Coward on Wednesday April 27, 2011 @07:59PM (#35958848)
    -1, Started a sentence in the topic, concluded it in the body.
  • Re:That's ok (Score:1, Insightful)

    by mysidia ( 191772 ) * on Wednesday April 27, 2011 @08:00PM (#35958852)

    > They could, but it would be a dick move. As much as I'd like to think so, it's just not true that everyone at the FBI is a dick.

    I disagree. These systems are infected. If the FBI knows about that; if they have gained control of a botnet, backdoor codes or other piece of malware, they should be free to immediately take all available actions to uninstall or disable known infected computers.

    There's definitely no right to be running botnet code.

    I say we need a law authorizing ANYONE to uninstall worm software/viruses from any computer by any means made available by the malware, at will, without alerting the user, anyone else, or requiring anyone's permission or approval; so long as the only method used to uninstall is provided by the malware (or backdoor), the only command executed is cleanup/uninstall, and no financial or other gain is obtained (other than cleaning up the internet/reducing spam).
