FBI Kills Botnet, Kills It Good

The FBI received a court order that today allowed them to kill the hell out of a massive botnet by taking out a piece of malware called Coreflood. Usually, when someone wants to shut down a botnet, they just, you know, shut it down by taking the servers that host it offline. But this recent action allowed them to really salt the earth, shutting down the actual software behind it. The feds haven't been permitted to do this before—because the old idea was that any group behind such an act would be just as guilty of hacking as those big, bad botnet guys. [Ars Technica]



Dark Side Cookies

Here's some clarification from the original article:

The Feds were not installing software onto users' computers. What they did was swap out the command & control servers used by the botnet. When the malware attempted to phone home to the servers, they would receive back a command to disable their harmful code. This was essentially nothing more than a man-in-the-middle attack against the malware; a user would never notice something happened.

Microsoft, on the other hand, updated their Malicious Software Removal Tool, and I assume Security Essentials as well, to actually delete the malware files. As long as the user was diligent about running system updates and virus scans, they had nothing to worry about. Microsoft was the one installing software onto users' computers, not the Feds.

The only Big Brother moment I found in the article was the Feds recording the IP address of any malware piece that checked in to the new, Fed-run servers. They would then forward that address on to the appropriate ISP, and the ISP would then inform the user that their computer was infected. This is a clear case of attempting to protect people from their own carelessness. Did it cross a line? I don't know; I'm not an expert on privacy law or ethics.

I can understand both sides of the issue. On the one hand, it is kind of creepy to receive a letter informing you that your machine is infected. How did they know that? What's going on? Not to mention it is sort of pulling an "iRobot" by protecting people from themselves.

On the other hand, it's lazy and uninformed users who helped to spread the Conficker worm all over the globe. In that case, all people had to do was install a months-old security update, and the malware would have been killed dead. But it was allowed to linger, and caused millions, if not billions, of dollars in damage and lost time.