Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Botnet United States

Feds To Remotely Uninstall Bot From Some PCs 211

CWmike writes "Federal authorities will remotely uninstall the Coreflood botnet Trojan from some infected Windows PCs over the next four weeks. Coreflood will be removed from infected computers only when the owners have been identified by the DOJ and they have submitted an authorization form to the FBI. The DOJ's plan to uninstall Coreflood is the latest step in a coordinated campaign to cripple the botnet, which controls more than 2 million compromised computers. The remote wipe move will require consent, and the action does come with warnings from the court that provided the injunction against the botnet, however. 'While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers,' the authorization form reads. FBI Special Agent Briana Neumiller said, 'The process does not affect any user files on an infected computer, nor does it ... access any data on the infected computer.' The DOJ and FBI did not say how many machines it has identified as candidates for its uninstall strategy, but told the judge that FBI field offices would be notifying affected people, companies and organizations."
This discussion has been archived. No new comments can be posted.

Feds To Remotely Uninstall Bot From Some PCs

Comments Filter:
  • If it damages my system I'll just re-install from a back-up image I made. Oh wait...
    • I'd be more worried about, you know, the owners of the botnet reading this article and taking preventative action? I mean, if it's already too late for that (which past articles assert, it is), then it's not really "crippling", is it?
      • Re:That's ok (Score:5, Insightful)

        by hellkyng ( 1920978 ) on Wednesday April 27, 2011 @06:13PM (#35958088)

        The botnet owners can't take preventative action against the uninstall because they don't have valid Command and Control servers running. Since the FBI is controlling those at the moment, the individual bots are hanging in limbo doing nothing. If however the malware is actively looking for new C&C servers to be spun up to receive commands again, there is the potential that the FBI could lose control again. Hence why it is necessary to remove the infection while they maintain control, and only one step in their strategy to cripple the botnet.

  • by jthill ( 303417 ) on Wednesday April 27, 2011 @06:00PM (#35957996)
    they're going to send a email, right? Click this link to authorize the FBI to remove an infection from your computer?
  • I'd like to see what company's are on the list. Specifically what IT companies. Even more specifically, if any network hardware providers made the list. Always fun to see what companies actually know networking that are selling the products that us in the field buy and put some measure of faith in to protect our networks. Same can be said for some software IT companies for end-users. I would be a bit more wary about considering a company's software protection product if they'd been compromised by one of the
  • It would be better to report the issue to the user and provide links to well known antivirus companies. This way the user would be able to trust that the Feds aren't installing anything on their box while they may or may not remove what they tell the user... ;-)
    • Hi! We're from the Government. We're here to help you.
    • Supposedly Microsoft is pushing out the 'Malicious Software Removal Tool' as part of Windows Update that will actually remove Coreflood if the user machine has already recieved the 'halt' command from the FBI servers. I guess that counts...
      • Yeah, idiots with pwned machines are well known for keeping up to date.

    • I believe Microsoft included detection in their MSRT (Malicious Software Removal Tool) so as long as users and regularly updating they should have this taken care of on its own shortly. I imagine the FBI is probably assuming most users aren't actively updating, or targeting "high value" or infrastructure type computers for a more aggressive removal strategy.

      For the tin-foil crowd, if the FBI really wanted to do bad things to your files, they wouldn't have made it public they captured the command and control

  • Consent?? Does that mean the users infected with the botnet will get "Warning your computer is infected, click here to remove the virus's you didn't know you had from your computer", on one hand it's probably the target of people that were gullible enough to fall for it once to get the botnet in the first place, but teaching them it is actually possible for a legitimate goal to do it, means they will be infected again in a week.
    • by x*yy*x ( 2058140 )
      Well what would you think if the government or any other people would mess with your computer without your consent? What if they decided "utorrent.exe" was harmful and decided to remove it without asking you?
    • by jd ( 1658 ) <> on Wednesday April 27, 2011 @06:53PM (#35958382) Homepage Journal

      As much as I would love the Feds to just run a complete vulnerability scan of the US (not unlike the Internet Auditing Project) and then remotely uninstall every instance without telling a damn person (if the virus doesn't de-install cleanly, that's a bug in the virus so go sue the authors), I get the impression there'd be a few complaints. In part, because the Feds have shown themselves to be ethically-challenged from time to time.

      If you want - really, truly want - bots and spyware to be gone forever, it's going to take a Federal agency vulnerability scanning your machine and installing nagware when your machine is shown as both infected and insecure. (Insecure alone might just be a honeypot, it doesn't prove there's a real vulnerability present.)

      Nobody is going to trust an agency to do this. Doesn't matter if that's just or unjust, the only just that matters is that it's just not going to happen. In consequence, corporations will fail to secure products, users will fail to secure their machines and the problem will miraculously fail to vanish all on its own. Things won't change without pressure and the only sources of pressure big enough won't and/or can't.

  • since most of the machines I'm guessing are running a Microsoft product, maybe they should be the ones carrying this out on infected machines. Lets face it they are probably better situated to see this through. the feds should go back to being the agents of the RIAA and MPAA and leave the computer work to the professionals
    • Re: (Score:2, Interesting)

      by h4rr4r ( 612664 )

      Or maybe Microsoft software is what got these users into this mess, so someone else should fix it and Microsoft should just foot the bill.

    • What else do you think they will do with access to your system besides the botnet campaign? "While repairing the botnet, we discovered 137 copyrighted files. These have been reported to the **AA. Have a nice day!"

  • by nimbius ( 983462 ) on Wednesday April 27, 2011 @06:39PM (#35958286) Homepage
    any notifications yet from the FBI about the botnet and my computer, has anyone else?

    also, do i need to disable selinux before they uninstall the bot on my computer? or can they do it from a regular user account with limited sudo?
  • Uninstall Windows.

    • by Daniel Phillips ( 238627 ) on Wednesday April 27, 2011 @07:25PM (#35958594)

      Uninstall Windows.

      Or don't uninstall Windows but make computer owners legally responsible for their computers in the same way they are legally responsible for a swimming pool. The resulting fines would either stop botnets entirely or eliminate the national deficit. In short, a tax on the stupid.

      • Yah, those fines will stop botnets the same way the RIAA lawsuits have stopped piracy. It can't fail!

  • by roc97007 ( 608802 )

    > 'While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers [...]

    I'd say go for it. I mean how is this any different from Windows Update?

  • Is this like those messages emailed from Microsoft about virus detected on my system? Those things never seemed to make my machine run better. You'd think Microsoft would test their fixes better... ;=)

  • by QuesarVII ( 904243 ) on Wednesday April 27, 2011 @07:20PM (#35958568)
    They shouldn't be helping to uninstall it for people. They should be getting their internet connections shut off to teach them a damn lesson about computer security.
  • My common sense would say that if the user already gave up control of their PC to the botnet, why should they have any say in keeping the feds from removing the bot? The reason the feds are interesting is (I'm assuming) because the botnet caused harm to others. Just remove the bot, if there are consequences, and they know what they are, then it's their own fault.

    But, the federal government is held to a higher standard aren't they?

    • I wonder if we could use a car analogy here. If your car rolled into the street unattended, could the police tow it or would they be liable for damages from towing it?

  • by aralin ( 107264 ) on Wednesday April 27, 2011 @08:16PM (#35958960)

    Why cannot they just ask the ISP to disconnect infected computers from the network? It should be responsibility of each owner to connect with uninfected computer. The company responsible for this whole mess - Microsoft - will likely not be held accountable, but the users should. And when the OS they use start to be liability in their lives, then maybe they will choose based on that as well.

    YACA: If someone installed randomly firing machine guns in the trunk of your car, I doubt FBI response would be a letter asking you if they could please uninstall those for you.

    • by Bob9113 ( 14996 )

      > Why cannot they just ask the ISP to disconnect infected computers from the network?

      Maybe a good idea, maybe not. One risk: If they did this and people did not scream bloody murder, it would be a matter of days until the DoJ started shutting down people suspected of copyright infringement.

      Helping people do the pro-social thing, good. Fining them for anti-social behavior (like we do with copyright), good(*). Disconnecting them from the Internet is less obviously good. The Internet is like public sewer sy

  • Now the DOJ and the FBI do the job to secure Windows. Must really suck to live in a country where the government is run for cooperations paid by tax money. (If anyone wonder, it's the job of Microsoft to secure their system not the DOJ or the FBI to do that for them).

    "FBI field offices would be notifying affected people, companies and organizations."

    yeah, that's why you have the FBI. Not to hunt for criminals like murders, raper or the organized crime, but to go to people and companies and secure their comp

    • It's at least some benefit out of all that fear induced money they got rolled up into homeland security, rather than some other use of it.
  • it's not funny. If it isn't a joke it is insanely stupid.
  • Machines, so it shouldn't be too hard to get permission. Who else has so many clueless users with great connections to the net all concentrated in one set of outfits?
  • I am far from paranoid of government, but if you give government a privilege, they will expand its role.

    Today, removing Coreflood. Tomorrow? Other dangerous software, like BitTorrent or DC++

    It's not paranoid to suggest that if you give a strong central authority a delegated power, they will expand their use of it to justify their salaries/funding.

  • Ubuntu [] is a fast, secure and easy-to-use operating system used by millions of people around the world.

"I will make no bargains with terrorist hardware." -- Peter da Silva