The FBI has confirmed that it will use its control of the Coreflood botnet to remotely uninstall the trojan from some infected Windows PCs.
The Department of Justice (DoJ) said that Coreflood will be removed from infected computers only when the department has identified their owners. Even then they will have to submit an authorisation form to the FBI.
It has been estimated that there are still 2 million compromised computers in the Coreflood network and it would not be difficult for the crims who built it to take it over again.
The Untouchables have control of five command-and-control (C&C) servers that managed Coreflood and have operated substitute C&C servers that have disabled the bot on most infected PCs.
Coreflood has been shut down by 90 percent in the U.S. and nearly 75 percent in other countries, but the government wants to do more.
According to a DoJ memo, the FBI has also identified infected computers, and in some cases has linked names to the static IP addresses. Those are the PCs targeted for remote Coreflood eradication.
With a written consent form from users, the FBI does not need to ask for the court’s permission to uninstall Coreflood.