Feds Will Remotely Uninstall Coreflood Botnet

By Kara Reeder | Apr 27, 2011 | Print this Page
http://www.enterprisenetworkingplanet.com/netsecur/feds-will-remotely-uninstall-coreflood-botnet
Over the next few weeks, federal authorities will remotely uninstall the Coreflood botnet Trojan from infected Windows PCs after the owners have been identified by the Department of Justice and have submitted an authorization form to the FBI, reports Computerworld.

Earlier this month, U.S. authorities shut down a crime ring that used Coreflood to tether millions of PCs to a botnet that stole banking credentials and other sensitive data. Authorities seized five major computer servers, as well as 29 domain names the botnet used to communicate with those servers.

The FBI has identified infected computers. Those infected are the PCs targeted for the remote eradication once written consent is received. There are some risks with the uninstall, notes the consent form:

While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers.

However, FBI Special Agent Briana Neumiller assures victims:

The process does not affect any user files on an infected computer, nor does it ... access any data on the infected computer.