Feds move to uninstall bot that hit banks, airports, cops

The notorious Coreflood botnet has penetrated a veritable who's who of sensitive organizations, including banks, state and local governments, airports, defense contractors, and a police department, an FBI agent said in sworn testimony. An executive of one compromised hospital healthcare network found that 2,000 of its 14,000 …


  1. Graham Marsden

    "The disinfection involves...

    "...tracking down the individual owners and getting their permission to issue an “uninstall” command from the substitute servers."

    Dear Computer User,

    We have discovered that your computer is infected with Coreflood Malware. We need your permission to run an uninstall program to remove it from your system.

    Please click on the attached .exe file to enable this.

    Yours Sincerely,

    The FBI.

    1. J. Cook

      This is the federal government...

      @Graham Marsden: Naw, they'll send a letter instead.

      1. Anonymous Coward

        Or just send in the black helicopters

        That will get people's attention ;-)

    2. Zippy the Pinhead

      @ Graham

      I just cringe and know that many of the hundreds and hundreds of people I support will click on that exe.

  2. Anonymous Coward

    What motivation to have to clean the machines?

    or are we just paranoid schizophrenic?

    All in favor of the FBI botnet, raise your hands.....thank you.

  3. Turtle

    How about this instead?...

    "FBI researchers have successfully used the procedure on test computers, but a waiver that infected machine owners are asked to sign releases the feds from any legal liability should things go wrong."

    "At no point do federal authorities have any control over infected computers or access to personal data residing on them, and owners who want to opt out of the disinfection routine may do so."

    And if they refuse?

    How about this: If they refuse to let the FBI clean their machine(s), then they will be given, let's say, 24 hours, and if their machine(s) are still infected, they will then be judged complicit in the damage that the malware does, and be taken to court and be subject to whatever sanctions the law allows.

    Or this: make computer owners/users legally responsible for keeping their machines clean, and give ISPs the legal right to disconnect any zombified machines.

    1. Zippy the Pinhead

      @ Turtle

      "and give ISPs the legal right to disconnect any zombified machines."

      I've seen my local provider cut others off for this reason.

  4. OffBeatMammal

    issue the "uninstall" or block their connection

    Am I the only one who finds it a little strange that they simply don't issue the uninstall command right away, instead of talking about it and giving the operators of this little menace a chance to regroup and work around the current stop command? Simply clean the problem.

    Or work with the major ISPs to redirect all port 80 traffic from infected machines to a page that lets users choose to remove the malware or be fined for knowingly aiding and abetting a criminal activity... If an ISP can track who's torrenting copyrighted material or surfing kiddie porn, surely this is trivial...

    1. Anonymous Coward

      Why not uninstall ?

      Not all Windows PCs are used at home for surfing.

      Some idiots employ them for life support or controlling nuclear reprocessing plants.

  5. Field Marshal Von Krakenfart

    The title is required, and must contain letters and/or digits.

    "a waiver that infected machine owners are asked to sign releases the feds from any legal liability should things go wrong"

    Something has already gone wrong, they've got a bot installed on their computers

  6. Anonymous Coward

    Isn't it time to hold Microsoft responsible?

    Toyota needed to explain to a commission of the US Congress why their cars were not safe (

    Apparently Windows is not safe. So I do not see the difference.

    Steve Ballmer should explain to Congress why the FBI is doing all this work for Microsoft on the taxpayers' dime. Especially since most of it could be prevented if MS did their work properly. And he should explain what Microsoft is doing to prevent this from happening again and again and again.

    1. Ru

      No-one is safe

      Since when did Microsoft, or indeed anyone, offer a guarantee of security, implied warranty, suggestion of fitness for purpose or merchantability?

      You do read EULAs, right?

      No-one is going to make that sort of guarantee of something as monumentally complex as a modern consumer operating system; they'd be bare-faced liars if they did, and they'd be tarred and feathered at the next shareholder meeting. Fine, fine, you have an irrational hatred of MSFT. But do you think Apple would make the same guarantees of their software? How about Google? Who's going to underwrite such guarantees of open source software? Perhaps you want governments to make that illegal too?

      Making provably secure software for any non-trivial purpose is exceedingly difficult. I guarantee you that no-one is willing to take a 20-year step back in software and hardware functionality in order to get that sort of guarantee unless they are literally forced to do so. As most of us live in a market-driven economy, it simply won't happen.

      1. Anonymous Coward

        I know Airbus and BMW give you guarantees

        Windows has an estimate of 50 million loc

        A car has 200 million loc

        and an airplane does not fall from the sky.

        Size and complexity have little to do with code quality. Anyone can write a buggy program that is not complex and also small.

        But worse, you assume that software is something that "normally" contains faults and therefore can never be safe. That assumption is wrong.

        1. Anonymous Coward

          @AC 13:54

          A general purpose OS is a very different thing from a dedicated system or an RTOS.

          An aeroplane has at least three, often five computers all running different OSes and different code to do the same job. These systems are all written in different languages by different teams of people. This is why planes don't drop out of the sky: the code may be of higher quality than a general purpose OS, but it's not bug free, they just mitigate against the bugs.

          I'm not sure about the 200 million lines of code for a car, either; that sounds rather on the large side. Furthermore, a car doesn't let you install any old software you choose and pretty much always allows you to stamp on the brake/pull on the handbrake, software or not.

      2. Zippy the Pinhead

        @ Ru

        Very true, however if IE wasn't buried so deep in the OS and didn't have so many APIs similar to OS APIs, viruses wouldn't be nearly the issue.

    2. Eddie Johnson

      Talk is Cheap

      I'm sure he would explain that MS is doing a lot. Trustworthy Computing, DRM and all the crap MS and Intel tried to do years ago that the public resoundingly rejected. And Win7 is the answer to all the problems if only those penny pinching users would upgrade their hardware and software.

      Don't think that I'm defending MS, I think they have failed miserably and really don't have a clue how to proceed - but they can certainly produce a lot of evidence that they have thrown hundreds of millions of dollars at the problem. They are the proof that throwing money at a problem is not always a solution. From my perspective it looks like every person at MS (at least with any authority) is a moron because they always make the wrong choice. They always choose the complex solution over the simple one, they paper over bad construction rather than fixing the core problems and they consistently fail to follow their own software design standards. The biggest weakness of their OS is now its bloated size.

  7. copsewood

    New laws needed

    This should probably work a bit like planning permission. If the government can authorise someone to send a bulldozer through your land to build a new bypass or shopping centre, similar but somewhat faster procedures should be applied if they need to bulldoze a remotely controlled botnet program installed on your computer in a minimally disruptive manner. This shouldn't require everyone to be informed in writing.

    The relevant government agency (e.g. FBI or a UK Computer Crime Unit) should simply be able to issue a public Internet notice explaining actions to be taken and their purpose in advance. If the CCU have taken over C&C servers in preparation using existing powers and secure disinfection requires knowledge of secret keys on the infected computers these keys should obviously not be disclosed, but details needed to firewall in advance should be (e.g. port numbers and address block of where the disinfection commands will come from). The process should be subject to some kind of public scrutiny in order to minimise risk of damage to those affected and to ensure the power isn't misused, and for this to happen what is to be done and why has to be made public knowledge with enough time for anyone opposed to be able to lodge objections and firewall/disinfect their own assets as they consider necessary.

    1. Anonymous Coward

      Brilliant idea

      "if they need to bulldoze a remotely controlled botnet program installed on your computer"

      "The process should be subject to some kind of public scrutiny... firewall/disinfect their own assets as they consider necessary."

      Some things should just not be possible. Because if we do as you suggest, we create a single point of failure. Someone only needs to get hold of that protocol and "they" can shut down everything. From the computers in governments (yes, because everyone on the planet uses Windows!) all the way to the water pumps for public water. Bad idea.

      Reminds me of this movie:

      "You designed it, wanted it foolproof. You said every television in London"

  8. LewFoo

    scrub the zombies

    Why is there any argument about failing to remotely and IMMEDIATELY scrub the zombie PCs?

    To address a concern mentioned above: none of those infected PCs are running nuclear plants, because they're NEVER connected to the internet, nor life-saving equipment, because the internal latency of Windoz precludes implementing life-saving software on this platform.

    Identifying these zombies indicates a total lack of responsibility by the owner. If the scrubbing operation makes the zombie PC inoperable, then so what? You can't possibly imagine how much I don't care that some double-digit-IQ mouth-breather bone-head with a PC on the internet is suddenly unable to access 24-hour porn or play MMORPGs in his underwear. They've relinquished their responsibility by not only possessing but maintaining a compromised computing system, attached to a world-wide interconnected communications network, that is damaging other computers.

    I say kill 'em all and let god sort it out.


Biting the hand that feeds IT © 1998–2020