The FBI Fights Malware with More Lethal Malware

The U.S. government just went on the cyber-offensive by shutting down a network of malware-spewing servers. For the first time, the FBI has destroyed a botnet -- a network of users' computers hijacked through remote servers and used to spread malicious software -- by taking over the culpable servers and using them to send stop commands.

This was no ordinary spam-spreading botnet. The potent Coreflood, which infects only Microsoft Windows-based computers, records its victims' keystrokes as they type in order to steal personal information such as bank account PIN codes, FBI officials said.

This week, law enforcement officials put the kibosh on the operation by seizing the five servers that were controlling innocent victims' computers. Now, even if a user's computer is still infected with the worm, any data it attempts to send to those servers is answered with a stop command, and the user's Internet service provider is notified.

The Coreflood perpetrators infiltrated as many as two million computers and made off with hundreds of thousands of dollars through fraudulent wire transfers before the FBI moved in. The Justice Department obtained the servers -- located in Arizona, Georgia, Texas, Ohio and California -- through search warrants, and filed a civil complaint against 13 unnamed alleged thieves.

The cyber intelligentsia seems impressed --

Wired.com writer Kim Zetter reports, "In an extraordinary intervention, the Justice Department has sought and won permission from a federal judge to seize control of a massive criminal botnet comprising millions of private computers, and deliver a command to those computers to disable the malicious software."

But she notes that some privacy proponents are wary of the FBI's actions:

"Not everyone, however, is convinced the government's proactive move is positive and without risk.

"'Even if we could absolutely be sure that all of the infected Coreflood botnet machines were running the exact code that we reverse-engineered and convinced ourselves that we understood,' said Chris Palmer, technology director for the Electronic Frontier Foundation, 'this would still be an extremely sketchy action to take. It's other people's computers and you don't know what's going to happen for sure. You might blow up some important machine.'"