This week we have seen Microsoft report the finalization of the Citadel botnet operation. For those unfamiliar with the matter, the tech giant launched an aggressive campaign alongside financial services industry leaders, tech industry partners and the FBI itself in order to take down Citadel botnets.
What is a Citadel botnet, you might be wondering? Citadel is one of the most dangerous Trojans in circulation, because it was designed specifically to steal sensitive financial information. Citadel is a descendant of the better known Zeus malware and is usually used by cyber criminals looking to extract large sums of money from their victims’ accounts. Citadel can capture the usernames and passwords used in financial transactions, so hackers using the malware hold tremendous power over the victim.
Microsoft’s “most aggressive” botnet operation is a success
Following an operation that kicked off two months ago, Microsoft finally managed to remove 88% of Citadel’s bots from the data centers that botmasters were using to access the sensitive information. Microsoft had to sinkhole a large number of domains that were under the control of botmasters using Citadel. Sinkholing involves monitoring the computers that connect to the sinkhole so that network owners can be alerted to the infection found on their systems.
However, in the end it turned out that not all of the sinkholes disrupted by Microsoft were operated by criminals. Some had been set up by security researchers in an effort to track Citadel’s movements. Microsoft received support from the FBI in this operation because Citadel botnets were apparently spreading unchecked. More than 1,400 Citadel-related botnets affected more than five million people worldwide. From the TechNet blog post:
According to our data, as of July 23, our coordinated action against the threat has disrupted roughly 88 percent of the Citadel botnets operating worldwide. In addition, our analysis shows that approximately 40 percent of the computers we believe to have been infected with Citadel and directly impacted by our operation have been cleaned since the time of our action in June, and we continue to work with others to help clean the remaining victims.
Microsoft has performed operations like this in the past, but this is the first time law enforcement has come into the picture. According to the data, the most heavily infected countries were Germany, Thailand, Italy, India, Australia and the US. The video below features commentary from Richard Domingues Boscovich, Assistant General Counsel at Microsoft’s Digital Crimes Unit.