Apr 28, 2011 08:55 GMT

The FBI has obtained a preliminary injunction allowing it to remotely uninstall Coreflood botnet clients from computers with permission from their owners.

Earlier this month the FBI launched a first-of-a-kind operation to take down a large computer botnet that has been in existence since as far back as 2002.

Known as Coreflood, the botnet's purpose was to steal online banking passwords and other sensitive information.

The FBI obtained a court order allowing it to seize five of Coreflood's command and control servers and 29 domain names used by attackers to communicate with the botnet.

All botnet clients were then routed to a sinkhole server under the FBI's control, which issued "stop" commands to infected computers located in the United States.

According to the agents who participated in the takedown operation, the botnet managed to infect computers belonging to public institutions, local governments, airports, defense contractors, universities, and even a police department. One particular hospital had the infection on 2,000, or 14 percent, of all its computers.

A motion granted by US District Judge Vanessa Bryant of Connecticut on Monday extended the FBI's authority from issuing "stop" commands, which only have a temporary effect, to remotely uninstalling the malware from the computers of users who agree to the procedure.

In its application for the preliminary injunction, the FBI presented data showing that the operation is having positive results. For example, of the almost 800,000 Coreflood-infected U.S. computers that contacted the FBI C&C server on April 13, only 100,000 remain as of last Friday.

During this time, the FBI has worked together with ISPs to identify the owners of affected machines, and it will now begin contacting them to ask for permission to remotely uninstall the malware or to advise them on how to remove it themselves.