The FBI has issued some 19,000 uninstall commands to the computers of 24 individuals infected by the Coreflood botnet, effectively purging their machines of that malware, and leaving behind no unintended consequences thus far according to a report from Brian Krebs.
This move was made possible by the US District Court of Connecticut back in April when they granted the Justice Department and the FBI permission to seize control over the 29 domain names that controlled the day-to-day operations of the command and control servers, redirecting traffic intended for the command and control servers to an FBI server instead.
More importantly than that though according to Krebs, the FBI was awarded a temporary restraining order that allowed them to send commands that would disable the malware to PCs infected by Coreflood.
In a court document, FBI Special Agent Kenneth Keller claims the FBI has notified hundreds of additional victims and their ISPs. Keller also claims the FBI has notified law enforcement agencies abroad.
Keller admits that it will be very difficult to notify and obtain consent from all those infected by Coreflood, but claims that the dramatic, 95% decline in the size of the Coreflood botnet is due largely to victim notification efforts. It is reported that the FBI obtained written consent from each individual victim in advance.
This controversial move follows similar actions taken by Dutch officials last October when they shut down the Bredolab botnet and redirected infected computeres to a Web page with instructions on removing the Trojan.