Coreflood beware: the FBI is not finished with you.
Even after seizing the Coreflood servers, the FBI says its work is not yet done. The FBI said it will remotely uninstall the botnet from infected computers, so long as the owner of the computer has submitted an authorization form. The FBI has asked the court for an additional 30 days, through May 25, for people to submit the form. The government may also ask the court for permission to instruct infected computers to permanently uninstall the malware.
The botnet's impact has already been dramatically reduced due to a court order that allowed the FBI to collect the IP addresses of any infected machine. The Bureau says the number of pings from the botnet has gone from nearly 800,000 to fewer than 100,000 in the short time since it seized the servers. This drop is roughly 90 percent. The FBI has also found similar numbers outside the U.S., with a reported drop of 75 percent.
"We temporarily stopped Coreflood from running on infected computers in the United States and have stopped Coreflood from updating itself, thereby enabling anti-virus software vendors to release new virus signatures that can recognize the latest versions of Coreflood," the FBI wrote in a filing.
The Coreflood botnet, however, is tricky. Every time the user of an infected computer reboots it, the malware reinstalls itself. Thus, each time this happens, the FBI's software has to resend the stop command, until the malware is gone completely.
The FBI told the court it didn't have an estimate of how many infected computers were left. It said it would contact people whose computers were among the many still in trouble.
The botnet infected people's computers by installing a key-logging program. Key loggers allow cyber thieves to steal personal and financial information via users' keystrokes. The infection happened when a user opened a malicious email attachment, and the malware was subsequently controlled by the attacker via a remote server.
"Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," said Shawn Henry, executive assistant director of the FBI's Criminal, Cyber, Response, and Services Branch, in a statement.
Credit: FBI via Wired