Microsoft and the FBI have broken up a large portion of the Citadel network – a group of botnets which had stolen $500 million from bank accounts in 90 countries around the world by installing keylogger software on five million machines.
“Microsoft executed a simultaneous operation to disrupt more than 1,400 Citadel botnets, which are responsible for over half a billion dollars in losses to people and businesses worldwide,” said Richard Domingues Boscovich of Microsoft’s Digital Crimes Unit.
Working with banking organisations in the U.S., Microsoft filed a civil suit against the operators of the Citadel botnet. This week, the company received authorization from the U.S. District Court for the Western District of North Carolina to cut off communication between 1,462 networks and millions of infected machines.
“Due to Citadel’s size and complexity, we do not expect to fully take out all of the botnets in the world using the Citadel malware,” said Boscovich in a blog post. “However, we do expect that this action will significantly disrupt Citadel’s operation, helping quickly release victims from the threat and making it riskier and more costly for the cybercriminals to continue doing business.”
Infected machines had been blocked from reaching many legitimate antivirus and anti-malware sites, which made the infection harder for victims to remove. Microsoft says there was also a link with fraudulent product keys for Windows XP.
“Microsoft found that the cybercriminals are using fraudulently obtained product keys created by key generators for outdated Windows XP software to develop their malware and grow their business, demonstrating a continued connection between software piracy and global cybersecurity threats,” the company said in a statement.
“Crimes used to happen through stickups, but today criminals use mouse clicks,” said Greg Garcia, a consultant and former Department of Homeland Security cyber official, acting as a spokesman for three major financial industry associations who worked with Microsoft. “This action aims to stop the ongoing harm of these Citadel botnets against people and businesses worldwide, and you can be assured that we will continue to partner with the public and private sectors to help financial institutions protect our customers from threats like this.”
Author: Rob Waugh, We Live Security