FBI To Remove Coreflood From Infected Computers

I’ll be honest and admit I’ve heard little about the botnet being referred to as Coreflood. Apparently it did something nasty enough to gain the attention of the Federal Bureau of Investigations (FBI) though:

Two weeks ago, the DOJ and the FBI obtained an unprecedented temporary restraining order that allowed them to seize five command-and-control (C&C) servers that managed Coreflood. Since then, the U.S. Marshal’s Service has operated substitute C&C servers that have disabled the bot on most infected PCs.

But that’s not the most interesting part of this story. It seems that the FBI have been able to identify the owners of some infected machines and are going to offer to uninstall the botnet software from those owner’s computers:

The FBI has also identified infected computers, and in some cases has linked names to the static IP addresses. Those are the PCs targeted for remote Coreflood eradication.

“While the proposed preliminary injunction is in effect, the Government also expects to uninstall Coreflood from the computers of Identifiable Victims who provide written consent,” said the DOJ in the memo.

I’m not sure how the written consent will be dispatched but I do have some advice if you should receive such a consent form. First of all turn it down, the last people you want in your system is the government. Thor knows that they’ll probably uninstall the botnet software but will also install something that monitors your network activity to “verify property removal.” Yes I’m actually that cynical but I trust nobody inside of my machines be it government officials or just regular people off of the street (although I’m inclined to trust the latter more).

The second thing you should do after burning that consent form is to wipe the machine and reinstall the operating system plus all available updates. Only one means exists to uninstall malicious software and ensure it’s actually gone, wiping the entire computer clean and starting from scratch. Software is incredibly complex and there is no way to know if every backdoor for a piece of malicious software has been removed. Do yourself a favor, if your system has been infected just start over. Anti-malware software can make an attempt to remove malicious software and may or may not be successful but you have no way of knowing.