It looks like the FBI is getting serious about fighting malware. Traditionally the approach has been to go after the command-and-control servers that activate and direct botnets made up of infected computers. This time they are going much further: taking over the control channel and issuing commands to the bots themselves. The target is a nasty piece of malware called Coreflood, and a federal judge has authorized this unprecedented step.
The Internet Systems Consortium (ISC), a nonprofit, has been brought in to do the actual work. When infected machines check in with the control infrastructure that is now in the government’s hands, they will be answered with a command telling the Coreflood process to shut itself down. That falls well short of a cleanup: the stop command only halts the running process, and whatever launched it at boot is still in place, so Coreflood will start again and try to phone home at the next reboot. Which brings us back to the root problem: malware will keep spreading as long as there are users who lack the know-how (or simply don’t care) to protect and disinfect their own machines.
How long do you think it will be before some black hat comes up with a countermeasure against this type of enforcement?
65 thoughts on “DoJ And FBI Now Issuing Command To Botnet Malware”
>How long do you think it will be before some black hat comes up with a countermeasure against this type of enforcement?
About 37 seconds. Fight the root cause, not the symptoms!
This is like putting chewing gum in a leaking dam!
I smell C.I.A. and F.B.I. making a move to monitor all computers systems they can as fast as they can. Not as a conspiracy thing but as a way to gather intel through other people misfortune.
What a pathetic attempt to seem like they are actually doing something. Rather than connecting to the computer and shutting it down, why don’t they just batch together a simple script to actually remove the bot they are obviously exploiting to connect. I am sure they can come up with something rather simple if they took the time to actually give two shits about the problem.
Finding a botnet and simply giving a shut down command is epic fail. As for educating users to keep them from installing a bot? It will never happen. You cannot educate a mass of people who are too lazy to even get up to find their remote control to change the channel and think the Shake Weight is actually a good exercise utility.
Teach them not to open EXE files and they will fall for social engineering that gets them to open an SCR file. For every person you educate, a malicious user will find two new ways to infect that same moron.
I wouldn’t be surprised if the feds glean some extra data from the infected botnet while they have control of a ****ing botnet.
They should use the botnet to attack the servers that activate and control botnets.
If I were making a botnet, I’d give all the bots my public key, and have them reject any commands I hadn’t signed. It’s not that hard. I’m surprised botnet owners don’t bother.
(Also I’d make my botnet completely peer-to-peer so I wouldn’t have any servers or domains the government could confiscate to shut it down. That’d be complicated though.)
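The following is an added example, not code from the post, from ISC or from the Coreflood case. It shows in miniature why a court-authorized “stop” command works against an agent that authenticates nothing (the situation the post describes, including the bot coming back after a reboot) and what the signed-command design proposed in the comment above changes. Everything in it is constructed for the demonstration: the command format, the operator key, the sequence-number replay check, and the use of HMAC-SHA256 as a stand-in for the public-key signature the commenter suggests (the standard library has no Ed25519).

```python
"""Constructed demonstration (not Coreflood code): an agent that executes
any command it receives versus one that checks a MAC and a sequence number.
HMAC-SHA256 stands in for the public-key signature proposed in the comment;
a real design would not ship a shared secret inside every bot."""
import hashlib
import hmac
import json


class Agent:
    """Toy bot. key=None models the unauthenticated channel the post describes."""

    def __init__(self, key=None):
        self.key = key
        self.running = True      # the in-memory process
        self.persisted = True    # autorun entry survives a 'stop'
        self.last_seq = -1       # replay guard, authenticated path only

    def handle(self, wire: bytes) -> str:
        """Process one command from whoever answers the C2 address."""
        try:
            msg = json.loads(wire)
        except ValueError:
            return "rejected: not JSON"
        if self.key is None:
            # Unauthenticated: whoever controls the C2 hostname controls the bot.
            return self._execute(msg)
        if not isinstance(msg, dict) or "body" not in msg or "tag" not in msg:
            return "rejected: unsigned"
        body = msg["body"]
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg["tag"])):
            return "rejected: bad signature"
        cmd = json.loads(body)
        seq = cmd.get("seq", -1)
        if seq <= self.last_seq:
            return "rejected: replay"   # a captured genuine command cannot be resent
        self.last_seq = seq
        return self._execute(cmd)

    def _execute(self, cmd) -> str:
        action = cmd.get("action") if isinstance(cmd, dict) else None
        if action == "stop":
            self.running = False    # process exits; persistence is untouched
            return "executed: stop"
        return "ignored: %r" % (action,)

    def reboot(self) -> bool:
        """Autorun brings the agent back unless persistence was removed."""
        self.running = self.persisted
        return self.running


def sign_command(key: bytes, action: str, seq: int) -> bytes:
    """Operator side: serialize, MAC, and wrap the command."""
    body = json.dumps({"action": action, "seq": seq})
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


def takeover_demo() -> dict:
    """Replay the scenario from the post against both agent variants."""
    results = {}
    sinkhole_stop = json.dumps({"action": "stop"}).encode()  # constructed message

    legacy = Agent()
    results["legacy_stop"] = legacy.handle(sinkhole_stop)
    results["legacy_running_after_stop"] = legacy.running
    results["legacy_running_after_reboot"] = legacy.reboot()

    operator_key = b"constructed-operator-key"   # assumption for the demo only
    hardened = Agent(operator_key)
    results["hardened_unsigned_stop"] = hardened.handle(sinkhole_stop)
    results["hardened_forged_stop"] = hardened.handle(
        sign_command(b"wrong-key", "stop", 1))
    genuine = sign_command(operator_key, "noop", 1)
    results["hardened_genuine_noop"] = hardened.handle(genuine)
    results["hardened_replayed_noop"] = hardened.handle(genuine)
    results["hardened_genuine_stop"] = hardened.handle(
        sign_command(operator_key, "stop", 2))
    results["hardened_running_after_stop"] = hardened.running
    return results


if __name__ == "__main__":
    for name, value in takeover_demo().items():
        print(f"{name:30} {value}")
```

Two things worth noticing when running it. First, the unauthenticated agent obeys the sinkhole, but `reboot()` brings it straight back, which is exactly the limitation the post points out. Second, the MAC stand-in has a weakness the commenter’s public-key version does not: every bot carries the same secret, so anyone who extracts it from a single sample can command the whole population. With a public key on the bot and the private key held only by the operator, controlling the network path (which is all a sinkhole gives you) is not enough to issue commands. The same checks, authenticated origin plus replay protection, are what any legitimate remote-management agent should be making too.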
Sounds like the later variants of the Conficker Worm.
I for one welcome our botnet overlords. They provide millions of jobs for computer technicians. ;D
It is about time they do something.
My computer gets attacked from clicking on a simple Wikipedia link or Google search.
The only one who actually gains from non-enforcement are computer companies that charge you $200 to fix your computer, the anti-virus writers who make a living at this and the hackers.
It is time to start making some of the hackers do community service. If you want to attack other people’s computers then you should start doing the time in community service or jail.
Why issue a shutdown command? Why not have it present a popup or some other form of message to the affected systems…something on the order of “This is the FBI. Your system has been compromised by malware and is now part of a botnet. Please install antivirus/antimalware as soon as possible…thank you for your cooperation.”
So glad that’s not a high res FBI logo lol … could have the feds on you http://bit.ly/bjlWw0
edit to above…Hell have it send links to a dozen or more reputable antivirus solutions and ways to clean the systems up.
Protip: avoid malware, run linux. :D
@JTaylor because it would either freak people out, or look too much like one of those fake antivirus popups.
Quick fix for shutdown command, and we have seen this fix before.
Listen for “fake” shutdown commands and pretend to shut down although it does something else, let’s say starts attacking the originator …
Another useful trick is to NOT have a shutdown command … it would be like a runaway diesel!
Have it actually install a valid anti-virus for them. Problem solved…
I think we are overlooking the issue that all malware writers need to have their teeth kicked in.
Anyone with enough know-how to switch to Linux would likely know to use preventative software in the first place so your protip is probably a little off-target.
I assume that the DoJ/FBI are limiting this to computers which are within IP blocks assigned to US ISPs?
I mean, who gave them permission to perform unauthorized remote access of my (UK based) machine?
I’m not going to comment on whether this is right or wrong. But surely they’re overstepping their jurisdiction if they’re issuing commands to computers located outside of the U.S ?
Reminds me of the recent .com poker domains that the FBI hijacked.
Can someone please remind American that they don’t own the internet? FYI people in other countries also use it.
The White House has drafted legislation which provides the first step for exactly what you are describing. It is not the WH’s job to write legislation, but then again why would anyone question. To my knowledge the US Air Force was actually tasked with cyber security a few years ago… so why the redundancy? Also, isn’t it DHS that oversees the TSA?
( the same TSA who frisks 6 year old girls – AP report )
@Stevie – if the attacks are targeting American servers, then it actually is in their jurisdiction.
If computers from out of country are attacking the US, then we have every right to extend our jurisdiction.
@Stevie Just because other countries USE the Internet, does not mean that the US doesn’t OWN the Internet. Also, when someone from out of the federal government’s jurisdictions attacks someone within, the government can, and should, step in.
@Pup: That’s simply a matter of personal opinion. People don’t use antivirus because they don’t want McAfee and Norton/Symantec bloatware/bullyware slowing them down AND charging them to do so. In my experience, most people who ask me to clean their systems for them buy computers with this free trial or that one, and never bother to purchase a license or replace it with a free one.
@assi9, Simply moving to GNU/Linux will not solve the problem. It will only encourage more malware activities targeting the new Linux users. Sure, the level of success won’t be as high, initially, but how hard is it for a script to brute force root’s password and do whatever the scripter is clever enough to do?
But the topic isn’t the users, nor the antivirus solutions they may or may not employ. The topic was at least one of the government’s approaches to stop botnets specifically. I agree that this particular method alone won’t be very effective, but I’m confident that we only know one, small aspect of the plan and that we can see some better protection from botnets in the future.
Uh, Stevie, I hate to break it to you, but the .com TLD belongs to the US. I don’t see how it makes sense to argue that a US TLD, ultimately handled by US registrars, is outside the jurisdiction of a US federal law-enforcement agency.
Also, we may not own the whole Internet, no, but we invented it and we can damn well run it as we please. Feel free to partition if that bothers you too much to stand. (In fact, feel free to partition regardless, for all of me. It would upset me not at all to lose the constant attack traffic I get from the more godforsaken parts of eastern Europe.)
@TechB -No, you’re wrong. It’s not a fucking war you moron.
@Wolfton Omg get over yourself. You genuinely believe America “owns” the internet? Jesus christ. I knew your country is made up mostly of dumb fat people but this is a new one.
@Aaron America maintains .com, they don’t “own” it.
Partition? You want me to fix your harddrive or something?
Stevie: You’re right, it’s not a war; it’s a criminal enterprise. You’re not improving your case.
‘Partition’ as in ‘partition the Internet’, as in ‘drop the BGP routes between the US and the rest of the world’. Isn’t that something that’s already been discussed a time or two?
FYI – The internet, as we know and love today, was created by the British – http://en.wikipedia.org/wiki/Tim_Berners-Lee
Just because America had some basic networking going doesn’t mean they invented the internet.
Basically you yanks created a square wheel. We took that square wheel, made it round and built a fucking ferrari.
Bloody yanks need to realise they don’t own the world. You do realise that the only country in the world who thinks America is superior is…. America. The rest of the world think you’re a bunch of morons.
@Aaron -How many times do people have to be corrected…The “world wide web” as we now know it originated at CERN. It is widely regarded that they invented the internet. What the USA did was provide an infrastructure (originating from DARPAnet) for it to operate on. Saying that the internet was invented by the US would be like saying that cable companies invented TV.
This should be easy for the feds, because they will be creating the bots too.
Once they hit the “right” systems, then comes the internets version of September 11 2001.
Most of you will beg to give up more freedom to feel safe, and you will deserve what comes next.
I’m going to go make my own internets. No FBI or botnets allowed. Girls are welcome as long as it doesn’t end up like myspace in here. All of my IP addresses will be based on symbols like ḴÆƂƴƵǣȸ and every Thursday all text will be changed at random to wingdings
The feds should just make their own damn botnet to infect computers with. It’s lazy for them to take over someone else’s, and bad form too.
On further review of this topic…I believe the US should be doing everything it can to learn how to run their own botnets and making more worms like the STUXNET. Future wars will be digital, could you imagine using a worm or virus to create a botnet of an enemy’s fleet of drones? How far off could this be? 15-25 years?
If the “shutdown” command only works until the box is rebooted, this isn’t really a solution. I think it’s more likely that they’re just testing the waters.
I wouldn’t think this is legal anyway. No matter their intentions, the moment .gov issues the command, they will be controlling software on my box without my permission. I’d hope they need a warrant or something to do that.
If there is a law allowing this, I would expect law enforcement to bend the law as much as they can. Law enforcement generally feels it’s justified in a little rule-bending if the result is what they deem positive. In their defense, the criminals are doing the same thing. Long story short, “sending a command to a piece of malware” slowly gets redefined to “sending an exploit with payload to any piece of software we consider malicious.” Granting the authorities more power is a slippery slope. We hand our rights away and forget about it, as long as it’s not our door being knocked-on.
@Drake Gotta love wingdings, sign me up!
Point your browser to dttp://ḴÆƂƴƵǣȸ
Oh wait … I need to run a cat5 line brb
You guys make me ashamed. You’ve never read this?
That’s the future for windows users…
Tom Clancy’s “NetForce” anyone?
Fox TV’s “24” CTU (Counter-Terrorism Unit)? A CIA-NSA agency.
Or better yet, CBS TV’s “Navy NCIS”?
The point is that there are several agencies that monitor the Internet in the USA (and yes, has International jurisdiction). The Secret Service has been a leader in policing the Internet for several years now.
I actually see a usefulness in this methodology, albeit they should still fight the malware itself, but
If the computers kept receiving commands to shut down, the users who normally wouldn’t think about scanning their computers etc will probably either get a new one (I do know some people who think that immediately), or they would take it somewhere to get checked or call someone in.
Therefore, assuming the person checking the computer has a half-decent work methodology, it’ll finally at least be scanned and maybe even restored.
I personally think that the source of the problems are more important, but it might help for the time being.
> How long do you think it will be before some black hat comes up with a countermeasure against this type of enforcement?
I had thought of 3 countermeasures before even reading that sentence…
@Jimmy – The shutdown message being sent was for the *bot* to shut down, not the computer itself. As the bot is (by design) not something a user is likely to see, they aren’t going to notice it shutting down, except, possibly, as an increase in available compute power for running minesweeper.
Perhaps they should track down the coders that write the viruses, exile them to some far off corner of Siberia and let them freeze to death. But that’s just my opinion. Obviously unrealistic and politically incorrect.
I am more concerned that the FBI now has control of the botnet and that it will do their bidding.
The reins should be passed to the cyber-warfare division. Nice little ‘free’ war-machine.
my mistake, I misread the article.
Countermeasures nothing — government computer security “experts” and the companies hired by the fed are generally outhacked by teenage 4channers who just download tools off torrent sites.
The people actually writing these botnets are A> usually outside the FBI’s jurisdiction (call me when the CIA gets involved), and B> so far out in front of the average government contractor that I’d be shocked if inside a year we don’t see this government attempt at “controlling the botnets” turned around and used to hack the fed.
Take it a step further and install a utility to shutdown the user’s network adapters as well.
If they figure out how to fix it, great. Otherwise, they don’t deserve to be online.
@edonovan: How about not?
No one said it was a war. And the US does in fact have every right. You’re just pissy because it seems like we are the only ones doing anything about malware and spam.
Ok, paranoid much? First, let’s not knock the hackers or writers of auspicious code too much. Those same people….
1. Read this site daily not smart to piss on your own Wheaties if you think about it.
2. Are the same people who now head the government’s Cyber-Securities and Weapons Control Security as well as Social Security, the Securities Exchange Commission, or even more well known things like Norton Anti virus, AVG Anti Virus, SpyBotSD.
So it is because of hackers we have security and let’s face it, hackers run everything; people are just too stupid to realize it.
So hackers are needed they protect us they show us new and wonderful ways to create things as well as stop others from destroying our things.
I just think as I said this is another excuse for government control over everything Americans do. And yes they are trying to pass legislation that allows the government to randomly just peek into your system and run key loggers to see what you are saying when ever they choose to. Who cares about anything else I mean really?