Skip to: Content
Skip to: Site Navigation
Skip to: Search


FBI set to kill secret-stealing Russian 'botnet.' Is your computer infected?

The FBI has seized control of a Russian cybercrime enterprise, but to kill it completely, officials may ask to rip some malware out of your computer. US diplomatic secrets could be at stake.

(Page 3 of 4)



Working closely with private computer security experts, the FBI first substituted its own computers for Coreflood's. So when the PC bots “beaconed” for instructions, they got the FBI substitutes instead. The FBI machines responded by sending commands ordering the malicious Coreflood software inside the bot computers to sleep – just do nothing.

Skip to next paragraph

As a result, by late last month, the number of Coreflood bots in the network that were actively “phoning home” had dropped by 90 percent, according to federal court filings last week. But that was not a permanent fix. Putting the program to sleep is not the same as removing it. Unless the malware is removed by a Microsoft or antivirus update downloaded onto the computer, it will start up again the next time the computer is rebooted.

So Step 2 began last week with the FBI seeking and getting court permission to send a “kill” command to those same computers, effectively uninstalling the botnet software. Before it sends the command, however, the FBI told the court it would get written permission from each computer owner, the court filing said.

“These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure,” Shawn Henry, executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch, said in a statement.

Privacy advocates concerned

Still, the idea of having the FBI sending commands to a million computers with unknown impact on the computers is unsettling to privacy advocates.

“It's a terrible, huge botnet and if the FBI can take it out it would erase a few problems,” acknowledges Chris Palmer, technology director for the Electronic Frontier Foundation, a computer privacy group based in San Francisco. “I do worry about what could happen to individuals’ computers if things don't go well. I just hope it doesn't expand beyond the noble goal.”

Others echo that view.

“If it doesn't work, we can't say where it might lead,” writes Paul Ducklin, head of technology in the Asia Pacific region for Sophos, a computer security firm based in Britain. “Will the next step be that the cops give up? Or that they push for yet more power? And, whichever way they go, how will people react?”

So far, however, the benefits appear clear to at least some victims waking up to the threat. In one example, the chief information security officer of a hospital health-care network discovered that 2,000 of the hospital’s 14,000 computers were infected by Coreflood. Because of the FBI’s move to put Coreflood out of action, the hospital was able to investigate and repair its machines instead of desperately trying to stop data from being pulled out of thousands of infected computers, according to the court filing.

Permissions

Read Comments

View reader comments | Comment on this story