In a progressive leap forward, the US Justice Department has received approval to take control of a seized botnet command structure for the purpose of sending instructions that undermine the infection on the client machines. This is the first time US agencies have ever directed their efforts at directly cleaning the remotely controlled ‘bots’.
In a press release, Shawn Henry, executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch, stated “These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the internet more secure”.
This is a game-changing tactic for computer security! Until recently, when law enforcement agencies 'took down' botnets, the action was limited to the handful of command-and-control servers. Although temporarily effective in stopping the organized use of the bots, it left the mass of infected systems intact. In some previous cases new command servers were established shortly thereafter and the waiting drones picked up where they had left off. Past enforcement efforts against the herders were largely ineffective and amounted to no more than a temporary disruption of the botnet's malicious services. But now, with the ability to reach out to the infected systems and 'kill' the malware present on the PCs, the bot army can be dissolved. So even if new command servers are established, they have nothing left to control. This is great news for the owners of all those infected systems, most of whom don't even know their home PC is contributing to the botnet problem.
This policy is not without controversy. The mere thought of a government reaching out to privately owned and managed computers makes some people nervous. If unchallenged, this will set a legal precedent, and more countries will likely follow suit. But politics aside, strictly from a security perspective this is a new and potentially very effective weapon in the war against botnets.
I predicted just this type of activity in my year-end blog, Security Predictions for 2011 and Beyond. Attackers are being targeted with more ferocity by governments, service providers and organizations worldwide. Another recent example this year was the Rustock botnet takedown.