DoJ, FBI set up command-and-control servers, take down botnet
I have to say, I think that's great. The malware situation has gone completely out of control; this might be the only way to get a grip on it.
Past efforts at killing botnets—the large networks of computers running malicious software to send spam, flood websites with traffic, and steal personal data—have managed to disable the networks by taking down important servers, but they've always stopped short of actually killing the botnet software itself. That's because the companies behind these efforts have no more legal authority to run unauthorized software on users' machines than the botnet owners do—to remove the botnet software would make them just as guilty of hacking as the bad guys are.
The result is that while efforts such as Microsoft's disruption of the Waledac and Rustock botnets were successful, they were far from perfect. These efforts left the malicious software running on the infected PCs—they just removed the command and control servers, the centralized machines that tell the botnet what to do. Should the bot herders regain control of the domain names or IP addresses used by the command-and-control servers, the infected machines will be able to successfully connect to them, and the networks will once again spring into life.
A new Justice Department attack will go some way towards solving that problem, at least for the botnet known as "Coreflood." A federal judge has authorized the non-profit Internet Systems Consortium, working in conjunction with the FBI, to go beyond taking down the command-and-control servers: the ISC has installed its own command-and-control servers. The command the servers are sending? Kill the botnet malware. The servers were swapped out on Tuesday evening, and the kill command was duly sent.