Due to potential legal challenges associated with conducting a widespread disinfection campaign, the decision to launch large-scale disinfection is being left to national Computer Emergency Response Teams (CERTs), Law Enforcement Agencies (LEAs), and cybersecurity authorities. The so-called “sovereign disinfection” involves these national bodies receiving data from the researchers’ sinkhole about infections within their jurisdictions. They can then decide whether to start a disinfection, based on their assessment of the situation. This process allows for a tailored response, considering cross-border internet connections and other complexities.
“As stated before, there are limitations to the two discussed methods of remote disinfection. Firstly, the worm has the capability to exist on air-gapped networks, which makes these infections beyond our reach. Secondly, and perhaps more noteworthy, the PlugX worm can reside on infected USB devices for an extended period without being connected to a workstation,” concludes the report. “Therefore, it is impossible to completely remove this worm by issuing a unique command to all the infected workstations. Consequently, we also strongly recommend that security editors create effective detection rules against this threat on the workstation side to prevent the reuse of this botnet in the future.”