Microsoft torpedoes Citadel botnet infrastructure

A botnet infrastructure believed responsible for stealing more than a half-billion dollars from individuals and organizations worldwide has been crippled, Microsoft announced Wednesday evening.

Codenamed Operation b54, the takedown severed connections between some 1,400 Citadel botnets and the individual computers under their control. On the back of a seizure warrant ordered by U.S. District Court in Charlotte, N.C. in response to a lawsuit it filed, Microsoft cut off communication between the command-and-control servers and infected computers.

In addition, the software giant, assisted by the U.S. Marshals Service, "seized data and evidence from the botnets, including computer servers from two data hosting facilities in New Jersey and Pennsylvania," the company said in a news release. Microsoft also alerted computer emergency response teams (CERTs) in other countries so they can initiate their own efforts.

Citadel, described as a sophisticated cousin of the Zeus trojan, typically targets computers to steal financial information, such as bank account credentials. The crooks then use that information to log in to victims' bank accounts and wire out money, to the tune of an estimated half-billion dollars.

Citadel is difficult to remove, as well. Its functionality includes blocking victims from visiting anti-virus websites where they would go to remove infections from their machines.

Richard Boscovich, assistant general counsel for the Microsoft Digital Crimes Unit, said in a statement that the dismantling won't put an end to Citadel because it is large and complex, but it will help. The company is working with internet service providers and CERTs globally to help affected computer owners purge Citadel. It's believed some five million people have been affected by the trojan across a number of countries.

"[W]e do expect that this action will significantly disrupt Citadel's operation, helping quickly release victims from the threat and making it riskier and more costly for the cyber criminals to continue doing business," Boscovich said.

This is the seventh botnet disruption operation Microsoft has led. Previous takedown efforts were directed at Rustock, Waledac, Zeus and Kelihos. The FBI, the Financial Services Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association assisted Microsoft in its undertaking.