Feds Will Remotely Uninstall Coreflood Botnet

The FBI has identified infected computers. Those infected are the PCs targeted for the remote eradication once written consent is received.

By Kara Reeder | Posted Apr 27, 2011
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
Over the next few weeks, federal authorities will remotely uninstall the Coreflood botnet Trojan from infected Windows PCs after the owners have been identified by the Department of Justice and have submitted an authorization form to the FBI, reports Computerworld.

Earlier this month, U.S. authorities shut down a crime ring that used Coreflood to tether millions of PCs to a botnet that stole banking credentials and other sensitive data. Authorities seized five major computer servers, as well as 29 domain names the botnet used to communicate with those servers.

The FBI has identified infected computers. Those infected are the PCs targeted for the remote eradication once written consent is received. There are some risks with the uninstall, notes the consent form:

While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers.

However, FBI Special Agent Briana Neumiller assures victims:

The process does not affect any user files on an infected computer, nor does it ... access any data on the infected computer.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter