
Microsoft, feds disrupt massive Citadel botnet

The software giant teams with the FBI and financial services industry groups to slow down a cybercrime ring that is allegedly responsible for roughly $500 million in losses.

Jay Greene Former Staff Writer
Jay Greene, a CNET senior writer, works from Seattle and focuses on investigations and analysis. He's a former Seattle bureau chief for BusinessWeek and author of the book "Design Is How It Works: How the Smartest Companies Turn Products into Icons" (Penguin/Portfolio).

Working with the Federal Bureau of Investigation, Microsoft on Wednesday moved to disrupt a massive cybercrime ring allegedly responsible for stealing online banking information and personal identities, leading to more than $500 million in losses.

In what the company described as its "most aggressive botnet operation to date," Microsoft acted on a court-ordered civil seizure warrant from the U.S. District Court for the Western District of North Carolina to take down 1,462 Citadel botnets. The company was not able to shut down all of the botnets using the Citadel malware.

"However, we do expect that this action will significantly disrupt Citadel's operation, helping quickly release victims from the threat and making it riskier and more costly for the cybercriminals to continue doing business," Richard Domingues Boscovich, assistant general counsel in Microsoft's Digital Crimes Unit, wrote in a blog post.

Botnet malware turns infected computers into "bots" that take orders from command-and-control servers run by cybercriminals. Those servers can direct the PCs to send spam, spread malware, and attack other servers. In this case, the Citadel malware monitored and recorded victims' keystrokes, a tactic known as keylogging. When users logged in to their bank accounts online, the criminals captured the credentials needed to access those accounts, along with details about the victims' personal identities. What's more, Citadel blocked access to antivirus vendors' sites, preventing users from downloading tools to remove the malware.

Microsoft said that the Citadel malware hit about 5 million people in more than 90 countries. The biggest infections are in the United States, Europe, Hong Kong, Singapore, India, and Australia.

Earlier Wednesday, federal marshals escorted Microsoft officials to two data hosting facilities in New Jersey and Pennsylvania, where they seized data and evidence from the botnets. Microsoft also provided information about the botnets' operations to international Computer Emergency Response Teams, and the FBI also provided information to foreign law enforcement agencies, in order to shut down the Citadel operations outside the United States.

The company also got assistance from the Financial Services Information Sharing and Analysis Center, NACHA (The Electronic Payments Association), and the American Bankers Association in its efforts to disrupt Citadel.