Chinese malware removed from SOHO routers after FBI issues covert commands

That's basically how the Sasser worm came to be. A hacker found a buffer overflow in the LSASS service, used that to replicate and then shut down the vulnerable service. But apparently he failed to account for Windows shutting down when LSASS was stopped, leading to a bootloop.

In the end it lead to massive damages when it actually was supposed to be a cure.

Chinese malware is probably preferable to whatever the FBI did with their access, and you'll never find out exactly what it was.

This is the best summary I could come up with:

The routers—mainly Cisco and Netgear devices that had reached their end of life—were infected with what’s known as KV Botnet malware, Justice Department officials said.

From there, the campaign operators connected to the networks of US critical infrastructure organizations to establish posts that could be used in future cyberattacks.

Before the takedown could be conducted legally, FBI agents had to receive authority—technically for what’s called a seizure of infected routers or "target devices"—from a federal judge.

"To effect these seizures, the FBI will issue a command to each Target Device to stop it from running the KV Botnet VPN process," an agency special agent wrote in an affidavit dated January 9.

Wednesday’s Justice Department statement said authorities had followed through on the takedown, which disinfected "hundreds" of infected routers and removed them from the botnet.

To effect these seizures, the FBI will issue a command to each Target Device to stop it from running the KV Botnet VPN process.

The original article contains 560 words, the summary contains 159 words. Saved 72%. I'm a bot and I'm open source!

In other news, "fbi installed mallard on your router"