Untouchables have killed CoreFlood

The FBI seems to have killed off the Coreflood botnet with the number of pings from the botnet falling over the last month.

According to Ars Technica, the number of pings from infected US systems plummeted from nearly 800,000 to less than 100,000 in about a week.

Pings from infected computers outside the US have also dropped about 75 percent, as the FBI warned foreign ISPs.

The Feds wrote that its efforts have “temporarily stopped Coreflood from running on infected computers in the United States.” But more importantly it seems to have stopped Coreflood from updating itself. This has helped anti-virus software vendors to release new virus signatures that can recognize the latest versions of Coreflood.”

The Justice Department has asked the court to extend authorisation for “Operation Adeona” for an extra thirty days, through May 25, so the Feds can continue to temporarily disable the malware as it reports in from infected hosts.

It looks like the new filing indicates that the DoJ will ask the court to actually instruct infected computers to permanently uninstall the malware. This will be the first time in US history that a government agency automatically removed code from Americans’ computers.

Two weeks ago the DoJ obtained a court order allowing the FBI and US Marshals Service to swap out command-and-control servers that were communicating with machines infected with Coreflood and replace them with servers controlled by the FBI.

This allowed the government to collect the IP addresses of infected machines which pinged the FBI servers and to temporarily disable the Coreflood malware running on the machines.