Spyware, the FBI, and The Failure of ISPs [telecom]


Why can't ISPs routinely look at network activity and use deep-packet sniffing to find infected machines and tell the customer in the first place?

John C. Dvorak June 1, 2011

Operation Adeona, it was called. It involved the FBI. Spyware. Intrigue. Controversy. The FBI took it upon itself to attack one of the miserable botnets that plague the Internet, figured out how to intercept its "calling home" function, and essentially ended up giving it new and less destructive instructions. Let me try to explain.

Botnets generally consist of thousands of infected computers that have some specific piece of malware installed. Your computer at home may be one of them. The malicious code is usually in the form of a Trojan Horse that was planted by a Web site or some code you mistakenly clicked on. Once installed on your computer it doesn't really do much until called into action.

The idea nowadays is to inhabit your machine for nefarious purposes including mailing spam from your account, pinging a target computer to harass someone, or even to do odd sorts of market research. Most of the time these infected machines do their dirty work after hours and seldom during the day when an observant owner might spot the dubious activity.

It is a public nuisance. I cannot emphasize enough how people should run some good scanners to ferret out these programs. Millions of machines are infected.

Anyway, so the FBI decided to counterattack one of the major botnets called Coreflood, which is used to loot bank accounts. The FBI was to replace the servers communicating with infected Coreflood machines with its own servers, and also to disable the Coreflood malware on the infected machines. This process seems to have gone well and the botnet was mostly silenced and had no way of getting any more nefarious instructions, rendering it useless. The problem is that the code is still on the machines. Now it gets dicey.
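The column's opening question (why an ISP can't spot an infected machine from its network activity) and its observation that bots do their work after hours suggest a simple detection heuristic on the network side: look for hosts that contact the same endpoint at fixed intervals, mostly outside working hours. The following is an added illustration, not code from the column, the FBI, or any ISP. It runs over a constructed set of outbound-connection records, assumes working hours of 08:00 to 18:00 local time, and uses documentation-range IP addresses; the thresholds are example values.

```python
"""Off-hours beacon detection over constructed connection records.

Added illustration (not from the column): flag hosts that contact the same
remote endpoint at regular intervals, mostly outside working hours -- the
"calling home" pattern the column describes.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connection records (not real traffic):
# "<ISO timestamp> <source host> <destination>:<port>"
SAMPLE_LOG = """\
2011-06-01T02:00:03 10.0.0.5 198.51.100.7:8080
2011-06-01T02:10:01 10.0.0.5 198.51.100.7:8080
2011-06-01T02:20:05 10.0.0.5 198.51.100.7:8080
2011-06-01T02:30:02 10.0.0.5 198.51.100.7:8080
2011-06-01T02:40:04 10.0.0.5 198.51.100.7:8080
2011-06-01T02:50:00 10.0.0.5 198.51.100.7:8080
2011-06-01T03:00:03 10.0.0.5 198.51.100.7:8080
2011-06-01T09:12:44 10.0.0.9 203.0.113.20:443
2011-06-01T09:13:10 10.0.0.9 203.0.113.20:443
2011-06-01T11:47:52 10.0.0.9 203.0.113.20:443
2011-06-01T14:03:19 10.0.0.9 203.0.113.20:443
2011-06-01T16:30:00 10.0.0.9 203.0.113.20:443
2011-06-01T10:05:00 10.0.0.5 203.0.113.20:443
"""

# Assumed local working hours for the "after hours" test.
WORK_START, WORK_END = 8, 18


def parse_records(text):
    """Parse log lines into (timestamp, src, dst) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        records.append((ts, parts[1], parts[2]))
    return records


def find_beacons(records, min_hits=5, max_jitter=0.2, min_off_hours=0.5):
    """Return (src, dst, mean_interval_s, off_hours_fraction) for each host/destination
    pair whose contacts are both regular and mostly outside working hours.

    Regularity is the coefficient of variation of the gaps between successive
    contacts (pstdev / mean); a timer-driven beacon scores close to 0, while
    human browsing of the same site scores well above max_jitter.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_hits:          # too few contacts to judge regularity
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        off_hours = sum(
            1 for t in stamps if not WORK_START <= t.hour < WORK_END
        ) / len(stamps)
        if jitter <= max_jitter and off_hours >= min_off_hours:
            findings.append((src, dst, round(avg), round(off_hours, 2)))
    return findings


if __name__ == "__main__":
    for src, dst, interval, off in find_beacons(parse_records(SAMPLE_LOG)):
        print(f"{src} -> {dst}: every ~{interval}s, {off:.0%} off-hours")
```

On the sample data only 10.0.0.5 is reported (contacting 198.51.100.7:8080 every 600 seconds at 2 a.m.); the daytime, irregular contacts from 10.0.0.9 to the same web port fall outside both thresholds. In practice this is a triage signal, not proof of infection: scheduled software updates and monitoring agents beacon too, so a result like this would be checked against an allow-list of known update hosts before anyone is notified.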

...


Posted by Monty Solomon

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.