The notorious Coreflood botnet has penetrated a veritable who's who of sensitive organizations, including banks, state and local governments, airports, defense contractors, and a police department, an FBI agent said in sworn testimony. An executive of one compromised hospital healthcare network found that 2,000 of its 14,000 …
"The disinfection involves...
"...tracking down the individual owners and getting their permission to issue an “uninstall” command from the substitute servers."
Dear Computer User,
We have discovered that your computer is infected with Coreflood Malware. We need your permission to run an uninstall program to remove it from your system.
Please click on the attached .exe file to enable this.
This is the federal government...
@Graham Marsden: Naw, they'll send a letter instead.
Ot just send in the black helicopters
That will get peoples attention ;-)
I just cringe and know that many of the hundreds and hundreds of people I support will click on that exe.
What motivation to have to clean the machines?
or are we just paranoid schitzophrenic?
All in favor of the FBI botnet, raise your hands.....thank you.
How about this instead?...
"FBI researchers have successfully used the procedure on test computers, but a waiver that infected machine owners are asked to sign releases the feds from any legal liability should things go wrong."
"At no point do federal authorities have any control over infected computers or access to personal data residing on them, and owners who want to opt out of the disinfection routine may do so."
And if they refuse?
How about this: If they refuse to let the FBI clean their machine(s), then they will be given, let's say, 24 hours, and if their machine(s) are still infected, they will then be judged complicit in the damage that the malware does, and be taken to court and be subject to whatever sanctions the law allows.
Or this: make computer owners/users legally responsible for keeping their machines clean, and give ISP's the legal right to disconnect any zombified machines.
"and give ISP's the legal right to disconnect any zombified machines."
I've seen my local provider cut others off for this reason.
issue the "uninstall" or block their connection
am I the only one who finds it a little strange that they simply don't issue the uninstall command right away instead of talking about it and getting the operators of this little menace a chance to regroup and work around the current stop command? simply clean the problem
or work with the major ISPs to redirect all port 80 traffic from infected machines to a page that lets users choose to remove the malware or be fined for knowingly aiding and abetting a criminal activity... if an ISP can track who's torrenting copyrighted material or surfing kidding porn surely this is trivial...
Why not uninstall ?
Not all windows PCs are used at home for surfing.
Some idiots employ them for life support or controlling nuclear reprocessing plants.
The title is required, and must contain letters and/or digits.
"a waiver that infected machine owners are asked to sign releases the feds from any legal liability should things go wrong"
Something has already gone wrong, they've got a bot installed on their computers
Isn't it time to hold Microsoft responsible?
Toyota needed to explain to a commission of the US congress why their cars were not save (http://www.nytimes.com/2010/02/24/business/global/24akio.html).
Apparently Windows is not save. So I do not see the difference.
Steve Balmer should explain to congress why the FBI is doing all this work for Microsoft on taxpayers dime. Especially since most of it can be prevented if MS did their work properly. And he should explain what Microsoft is doing to prevent this from happening again and again and again.
No-one is save
Since when did Microsoft, or indeed anyone, offer a guarantee of security, implied warranty, suggestion of fitness for purpose or merchantability?
You do read EULAs, right?
No-one is going to make that sort of guarantee of something as monumentally complex as a modern consumer operating system; they'd be bare-faced liars if they did, and they'd be tarred and feathered at the next shareholder meeting. Fine fine, you have an irrational hatred of MSFT. But do you think Apple would make the same guarantees of their software? How about Google? Who's going to underwrite such guarantees of open source software? Perhaps you want govermnents to make that illegal too?
Making provably secure software for any non-trivial purpose is exceedingly difficult. I guarantee you that no-one is willing to take a 20-year step back in software and hardware functionality in order to get that sort of guarantee unless they are literally forced to do so. As most of us live in a market-driven economy, it simply won't happen.
I know Airbus and BMW give you guarantees
Windows has an estimate of 50 million loc
A car has 200 million loc
and an airplane does not fall from the sky.
Size and complexity have little to do with code quality. Anyone can write a buggy program that is not complex and also small.
But worse, you assume that software is something that "normally" contains faults and therefore can never be save. That assumption is wrong.
Very true however if IE wasn't buried so deep in the OS and have so many of the APIs used by IE similar to OS APIs viruses wouldn't be nearly the issue.
A general purpose OS is a very different thing from a dedicated system or an RTOS.
An aeroplane has at least three, often five computers all running different OSes and different code to do the same job. These systems are all written in different lanugages by different teams of people. This is why planes don't drop out of the sky, the code may be of higher quality than a general purpuse OS, but it's not bug free, they just mitigate against the bugs.
I'm not sure about the 200million lines of code for a car, either, that sounds rather on the large side. Furthermore, a car doesn't let you install any old software you choose and pretty much always allows you to stamp on the brake/pull on the handbrake, software or not.
Talk is Cheap
I'm sure he would explain that MS is doing a lot. Trustworthy Computing, DRM and all the crap MS and Intel tried to do years ago that the public resoundingly rejected. And Win7 is the answer to all the problems if only those penny pinching users would upgrade their hardware and software.
Don't think that I'm defending MS, I think they have failed miserably and really don't have a clue how to proceed - but they can certainly produce a lot of evidence that they have thrown hundreds of millions of dollars at the problem. They are the proof that throwing money at a problem is not always a solution. From my perspective it looks like every person at MS (at least with any authority) is a moran because they always make the wrong choice. They always choose the complex solution over the simple one, they paper over bad construction rather than fixing the core problems and they consistently fail to follow their own software design standards. The biggest weakness of their OS is now its bloated size.
New laws needed
This should probably work a bit like planning permission. If the government can authorise someone to send a bulldozer through your land to build a new bypass or shopping centre, similar but somewhat faster procedures should be applied if they need to bulldoze a remotely controlled botnet program installed on your computer in a minimally disruptive manner. This shouldn't require everyone to be informed in writing.
The relevant government agency (e.g. FBI or a UK Computer Crime Unit) should simply be able to issue a public Internet notice explaining actions to be taken and their purpose in advance. If the CCU have taken over C&C servers in preparation using existing powers and secure disinfection requires knowledge of secret keys on the infected computers these keys should obviously not be disclosed, but details needed to firewall in advance should be (e.g. port numbers and address block of where the disinfection commands will come from). The process should be subject to some kind of public scrutiny in order to minimise risk of damage to those affected and to ensure the power isn't misused, and for this to happen what is to be done and why has to be made public knowledge with enough time for anyone opposed to be able to lodge objections and firewall/disinfect their own assets as they consider necessary.
"if they need to bulldoze a remotely controlled botnet program installed on your computer"
"The process should be subject to some kind of public scrutiny... firewall/disinfect their own assets as they consider necessary."
Somethings should just not be possible. Because if we do as you suggest, we create a single point of failure. Someone only needs to get a hold of that protocol and "they" can shutdown down everything. From the computers in governments (yes s because everyone on the planet uses Windows!) all the way to the waterpumps for public water. Bad idea.
Reminds me of this movie: http://www.youtube.com/watch?v=8TLD3Z6sJWA
"You designed it, wanted it foolproof. You said every television in London"
scrub the zombies
Why is there any argument about failing to remotely and IMMEDIATELY scrub the zombie pc's?
To address a concern mentioned above: None of those infected pc's are running nuclear plants because they're NEVER connected to the internet, nor life-saving equipment because internal latency of Windoz precludes implementing life-saving software on this platform.
Identifying these zombies indicates a total lack of responsibility by the owner. If the scrubbing operation makes the zombie pc inoperable, then so what? You can't possibly imagine how much I don't care that some double-digit-IQ mouth-breather bone-head with a pc on the internet is suddenly unable to access 24-hour porn or play MMORPGs in his underwear? They've relinquished their responsibility by not only possessing but maintaining a compromised computing system, attached to a world-wide interconnected communications network that is damaging other computers.
I say kill 'em all and let god sort it out.
- Vid Hubble 'scope scans 200,000-ton CHUNKY CRUMBLE ENIGMA
- Bugger the jetpack, where's my 21st-century Psion?
- Google offers up its own Googlers in cloud channel chumship trawl
- Interview Global Warming IS REAL, argues sceptic mathematician - it just isn't THERMAGEDDON
- Apple to grieving sons: NO, you cannot have access to your dead mum's iPad