Looks like the FBI is starting to get pretty serious about fighting malware. Traditionally they have attacked the servers that activate and control botnets made up of infected computers. This time they’re going much further by taking control of and issuing commands to the botnets. In this instance it’s a nasty little bug called Coreflood, and they’ve been given permission to take the yet-unheard-of step by a federal judge.
An outside company called Internet Systems Consortium has been tapped to do the actual work. It will call upon the malware on infected computers and issue a command to shut it down. That falls short of fixing the problem as Coreflood will try to phone home again upon reboot. This gets back to the initial problem; we won’t ever be able to stop malware attacks as long as there are users who do not have the knowhow (or simply don’t care) to protect and disinfect their own computer systems.
How long do you think it will be before some black hat comes up with a countermeasure against this type of enforcement?
[via Gizmodo]
TLDR on the comments, but what damox said, and i would command the botnet to download and install a free antivirus, and run a boot-time scan.
@Frogz Well put! lol
@Vampyredh, put your aluminum foil hat back on.
I don’t like to be paranoid. But much of my paranoia 5 years ago turned out to be true.
So I have to wonder. Are the FBI and DOJ installing any form of backdoor into computers infected by the botnet? Will they use the botnet for some blackhat purpose of their own?
Twenty years ago I’d have thought such a thing would be impossible in the USA. But now I worry its actually likely.
@Vampyredh, by your logic I should thank kiddie porn sikkos for my daughters safety, since because of them the police have a division dedicated to hunting them down (that I pay for out of my taxes?)
@Anonymous, screw tinfoil hat, he needs a wire mesh shielded straightjacket.
As a professional researcher I find humor in this. At least they will have jobs forever shutting down a botnet daily ^^
tax-payer pwnage
It’s illegal for firms to attack bots with solutions to remove infections. This is why it can’t be stopped. Stuff like Flux DNS hides the controllers which are usually owned by Russian, Chinese, and South American politicians and white collar criminals..
Also the fact that people think solutions like NIS, KIS, and NOD32 do anything other that detect weak signatures is hilarious..
Fellow nerds and people with a Clue, I have a small bit of insight I need to share…
The people whose PCs get infected with malware don’t care, they don’t see it as a bad thing. All they think is “oh no I have a virus and now my PC is slow”
And then what do they do?
They give their infected PCs to us to repair! And we do, and then we try to educate them and it always fails. They’re not really interested because we bail them out all the time.
The normal people of the world see their computers in the same way they see lightswitches or microwave ovens or the cash register in their local shop – they have a vague understanding of it but really don’t care.
All they want to do is post on Facebook, watch Youtube and download pirate stuff from Limewire or Vuze. If they collect a few viruses along the way they think it’s about as serious as their car running out of petrol – kind of annoying, but someone else will fix it.
Just bear that in mind the next time you’re sat up till 3am cleaning malware off your parents’ PC for the third time, or you’re taking a tech support call from your sister who asks “if Facebook is inside Internet Explorer, will it also be inside this Firefox thing you put on? Where’s my Hotmail gone?”.
They don’t understand, and more importantly they don’t want to understand any more than they want to understand the inner workings of their washing machine.
i agree with most of the people on here that what the fbi is planning on doing will just cost us money and wont actually do a damn bit of good.
i was wondering though, what do most of you (windows users) use to keep yourselves protected?
i currently have malwarebytes anti malware and avast antivirus, both of which just helped me rid myself of a very annoying rootkit and various malwares in my system.
i noticed no one actually suggested any possible solutions for someone who might currently have a problem with their machine and im just curious as to what you all recommend
Has the DoJ/FBI considered dropping a simple piece of code which determines all the trojans/rootkits/etc on the affected machine then downloads via the user’s own broadband a compressed copy of ALL windows updates as a single large file, along with file CRC checker to detect infected core files and registry entries on boot and make it look like the standard “processing update xxx of yyy” Win7 screen and replace them where found.
Once booted clean the machine then displays a message stating what has been done and encourages the user to buy *proper* antivirus from an approved vendor. Simplez.
Oh, and WHY IN $DEITY’s SAKE don’t Microsoft release a “Windows XP SP3.5” for free download to anyone who can demonstrate they have a valid license key, so your average home user can rebuild their PC with antivirus and at least basic security without resorting to expensive repairs or worse, landfilling their perfectly good laptop because it needs a rebuild.
Not I’m not paranoid at all but some of the dipshits on here seem to underestimate the depth of underhandedness of the United States government. And the kiddie porn comment was so close they have no idea My kid sister has a friend in jail right now because he downloaded with Limewire “The #1 virus downloader” a movie in the folder of that movie was a picture of a 14 year old girl he had no clue he deleted it when he saw it there but that doesn’t stop what happened next and that was what amazed me. The FBI showed up at his door two weeks after he had downloaded and deleted the files and provided a warrant for his computer. They found the single deleted file.(unlike what most people think you can recover deleted files)and now he sits in jail on Piracy and possession of child pornography charges awaiting trial.
With that being said I guess I should tell you what I do for a living I am a criminal defense atty. I have been reading incoming proposals for internet laws for years. The government that people think I am paranoid about has already put in place several loophole laws that can and do allow them to access peoples computers via the internet to gleem information about their whereabouts and are now proposing laws that allow them to read your files to see if you are pirating software and or movies. So while the knock mouth idiots are saying I need a straight jacket and tin foil hat, maybe you ought to read some legal briefs before you spout off with your unkowing keys.
ITT: people complaining about the FBI shutting down botnets.
To all the people asking why they don’t just take control of the computer to install anti-malware software:
The only effective way to remove malware is to wipe the disc and reinstall the OS. No; you using whatever bootcd to detect and ‘clean’ the malware does not work. No; that expensive AV software you bought cannot clean a system after infection (but it may help prevent infection in the first place).
It’s disturbing to see so many of those comments on a supposedly techy website. I’d understand it if this site was full of idiots with no clue.
@abobymouse
Wipe/reinstall is [usually] effective, but it’s not the only way.
That’s like saying the only way to get termites out of your walls is to burn down the house and rebuild.
With a bit of intelligence and experience, anti-malware tools can fully remove the infections.
But in the end, most of these users will just get infected again.
One thing to consider, is to set your computer to Boot from USB, Remove the system hard drive from your actual machine and use a $40 multi-converter for the USB hub. Plug the hard drive into the port and reboot the machine. Also, make a spare hard drive for this with whatever drivers and the like. Once the conversion is complete, the problem is solved. Use a secondary drive on another USB port, (Windows Users) Alternately, you can use a Linux Live DVD called Knoppix, which is distributed under the GNU-GPL License. The Knoppix program is just like a brand new computer on a DVD disc. All you need is some kind of storage media, perhaps a USB drive or SD memory card. Once a hard drive is taken off the DMA Channel, and used through USB, it can not be hacked, Even from the outside. Also, remember to turn Remote Desktop off. This will effective shut out the outside and you can still use your internet connection. I have other tricks that can help secure your privacy and rights. I am a computer Engineer, so I know what it takes to do what you need to do and my method really works.
america can do any thing for oil