The shutdown of the Coreflood botnet: Botnets, Are They Really Dead or Will They Rise Again?
While the Federal Bureau of Investigation has seized control of the Coreflood botnet, it is now working with Microsoft to try to permanently remove the malware from thousands of infected zombie machines, to prevent Coreflood from springing back to life.
Now that the Federal Bureau of Investigation has successfully disarmed the Coreflood botnet temporarily, the next step is to get the malware off infected machines.
The number of beacons, or requests from Coreflood zombies to the C&C (command and control) servers, has declined by over 90 percent in the week since the FBI raided and seized five C&C servers and 29 domains used to control the Coreflood botnet, according to court documents filed April 22. The requests dropped from about 800,000 on April 13, two days before the raid, to fewer than 100,000 on April 22, according to court papers.
Many users were unaware their systems had been compromised in the first place and may still be infected even though the C&C servers are offline. With these dormant machines still out there, the operators could resurrect the botnet at a later time and push out updated instructions to awaken its zombie army. "It stands to reason that when we stop seeing new exploits, that the entire botnet has to be on the decline," Patrick Cummins, a security malware researcher at Blue Coat Security, told eWEEK. The success and ultimate survival of the botnet depend on being able to continuously update its zombies. The U.S. Department of Justice employed a controversial technique to ensure Coreflood can't be revived: overwriting the malicious code on compromised systems with a new set of instructions.