The FBI and US federal prosecutors have disabled a botnet of over 2 million infected computers and taken the unprecedented step of setting up sinkhole servers to keep it under control.
The FBI has seized five command and control (C&C) servers, as well as 29 domain names used by the Coreflood botnet to communicate with them.
The action was the result of a temporary restraining order that also allows authorities to set up replacement servers to issue commands that temporarily stop botnet clients.
While the stop command combined with the seizures helps keep the botnet's authors from regaining control, it does not remove the malware from infected computers.
In order to tackle this issue, the Department of Justice, together with the FBI and ISPs that volunteer, will be notifying the owners of the affected machines and helping them clean the infection.
The DoJ notes that identified owners will also be given the right to opt out of the TRO and keep the malware running on their computers if they so wish.
It's worth noting that this enforcement action will only be performed for infected computers located in the United States. This means that a good number of Coreflood victims will remain infected.