Security

Authorities Plan To Mass-Uninstall Emotet From Infected Hosts on March 25 (zdnet.com)

Law enforcement officials in the Netherlands are in the process of delivering an Emotet update that will remove the malware from all infected computers on March 25, 2021, ZDNet has learned today. From a report: The update was made possible after law enforcement agencies from across eight countries orchestrated a coordinated takedown this week to seize servers and arrest individuals behind Emotet, considered today's largest malware botnet. While servers were located across multiple countries, Dutch officials said that two of three of Emotet's primary command and control (C&C) servers were located inside its borders. Dutch police officials said today they used their access to these two crucial servers to deploy a boobytrapped Emotet update to all infected hosts. According to public reports, also confirmed by ZDNet with two cyber-security firms that have historically tracked Emotet operations, this update contains a time-bomb-like code that will uninstall the Emotet malware on March 25, 2021, at 12:00, the local time of each computer.
This discussion has been archived. No new comments can be posted.

  • by rldp ( 6381096 ) on Thursday January 28, 2021 @10:38AM (#61001406)

    two months to exploit the botnet for their own purposes?

  • Worst case is that they kill some really expensive industrial installations. Best case is no problems at all. Will be interesting to see.

    • This botnet is C&C based. And now with C&C servers all seized, it's unlikely the already-installed bots will harm their victims any further. Without C&C, which sends (or posts) orders, the bots are just like lost zombies... they know how to do things, but they won't do it unless instructed to.
  • by Anonymous Coward on Thursday January 28, 2021 @10:59AM (#61001508)

    They should at least try to contact the owners of the infected machines. Too often the reason security isn't taken seriously is because managers believe that they haven't been hacked yet so why worry. They seem to be unaware that the world has changed since the nineties, most hackers today aren't skiddies doing it for the lulz but criminals or state actors who are trying to be invisible. Especially when security has been defunded to the point where it can't even detect threats let alone defend against them, these intrusions can easily remain invisible, leading to justifications for even more defunding. Contacting the owners might give management the heads up of how things really are.

    Also, if they handle GDPR protected data, it should be made public that they got infected. People should know that their data may have leaked.

  • legal? (Score:4, Insightful)

    by tero999 ( 2594583 ) on Thursday January 28, 2021 @11:23AM (#61001596)
    How is this legal? "Changing" other computers without permission?
    • by PPH ( 736903 )

      It's like Covid. Your computer is infected. It can either get vaccinated or be forced into isolation (unplug your Internet connection).

    • You may be surprised what is "legal" for other parties to do to your computer. Have you read all the fine print on every End-User Licence Agreement you clicked OK to? You may have paid for your computer, but don't kid yourself that you have sole rights regarding what is done to your computer. Running Windows, for example, grants Microsoft considerable rights. I don't know much about Macs, but last time I looked at the EULA on my iPhone I recall it ran to more than 40 pages.
      • by rtb61 ( 674572 )

        M$ EULA is in fact illegal in most countries. By law most countries require that ALL conditions of sale be on clear display at the point of sale, i.e. you sell a disc in a cardboard box, then the EULA must be printed clearly on the box. Further to this all post purchase contract conditions are also illegal.

        The USA and some third world countries are the only countries corrupt enough to allow the enforcement of post purchase agreements. It is as corrupt as it gets.

    • The code belongs to a criminal organization and is evidence of an ongoing crime. If you chose to claim ownership of an instance of this code that appears on your computer, that would mean either a) you are part of the criminal organization, or b) you stole it from the criminal organization. At least if you concede a) you get the Dutch equivalent of due process.

    • They are from The Government, and they are here to help.

      More to the point... What are you going to do about it? Complain? To whom? And will they care?

  • "Demz gubberment regulations be teh devil!"

    Or does that only apply to being abused by officially incorporated criminals?

  • I was not able to find who is affected by Emotet. I mean Windows, Mac, or Linux. Maybe Android? And is there an av-test for it?
