News May 2011

A win for the good guys, the bots go down.

Thanks to the FBI!
During April, the Federal Bureau of Investigation (FBI) took down a major computer network that was designed to infect and control other computers. This type of network is called a botnet due to the way it turns unsuspecting home and business computers into robots and networks them together. This particular botnet was named Coreflood.

Since 2002, Coreflood has been infecting computers when users open files or click on links that contain the Coreflood program. Once the file or link was opened, Coreflood went to work in the background, embedding itself in the computer without the user knowing. This allowed the people who designed Coreflood to communicate with the infected computer and issue commands, putting the computer under their control without the user knowing.

The commands could have been designed to be a nuisance, such as changing your wallpaper, opening your CD tray, randomly playing sounds or shutting down your PC. Or they could have been dangerous, such as recording your keyboard strokes and sending your personal information back to the command servers, or using your computer to launch attacks against other computers.
In an unprecedented move, the FBI has gained access and court approval to swap the ‘command and control’ servers that have been controlling the ‘Coreflood’ botnet with the FBI’s own control servers. With this control, the FBI could use these servers to send a command to all infected computers to uninstall the Coreflood software.

With an estimated 2.3 million infected computers, a command to uninstall itself would be a very effective way of eradicating Coreflood. However, the FBI has to watch its step and is working with the US Department of Justice to ensure it doesn’t violate the USA’s privacy protection laws. It is currently seeking ‘request and authorization to delete’ from government agencies and corporations and may issue ‘notice of infected computer’ alerts through internet providers to home users.
In the meantime, Microsoft has added a further update to its Malicious Software Removal Tool to tackle the latest instances of Coreflood, and this will be released to Windows computers with Microsoft’s next batch of security updates. Most anti-virus software manufacturers will now also detect Coreflood on an infected computer.

While it’s interesting to see the FBI taking this approach to clean millions of computers, it once again highlights the need for computer owners to be vigilant about security measures. It’s easy to forget about older, rarely used computers and if their software isn’t kept up to date, they can easily be targeted by botnet infections. Your security strategy needs to include regular updates to your operating system software and your security software, as well as checking that your security software is functioning correctly and performing regular scans. You also need to practice safe internet habits, such as being careful about suspicious-looking file attachments and not visiting dubious websites.

Coreflood is one of thousands of examples of botnet software currently in existence. Talk to your local Computer Troubleshooter about the best protection strategy for your computers or about any of your technology needs.
