Microsoft Removes 88% of Citadel Botnets, Malware that Affected More than 5 Million People

By: Arici Alexandra
2 minute read

This week we have seen Microsoft report the finalization of the Citadel botnet operation. For those unfamiliar with the matter, the tech giant launched an aggressive campaign alongside financial services industry leaders, tech industry partners and the FBI itself in order to take down Citadel botnets.

What is a Citadel botnet, you might be wondering? Citadel is one of the most dangerous Trojans alive out there in cyber space, because it has been especially designed to steal sensitive financial information. Citadel is a spawn of the better known Zeus malware and is usually used by cyber criminals looking to extract large sums of money from their victims’ accounts. Citadel can speculate usernames and password used in financial transactions, so hackers using the malware would hold tremendous power over the victim.

microsoft citadel botnet takedown

Microsoft’s “most aggressive botnet operation is a success

Following an operation that kickstarted two months ago, Microsoft finally managed to remove 88% of Citadels bots from its data centers which were used by botmasters to access the sensitive information. Microsoft had to sinkhole lots of domains that were under the power of botmasters using Citadel. Sinkholing involves monitoring computers that are linked to the sinkhole in order to be able to alert the network owners about the problem that has been found in the systems.

However, in the end it turned out that not all sinkholes busted by Microsoft were legitimate ones. Some were set up by security researches in an effort to track Cidatel’s movements. Microsoft received support from the FBI in this important operation because Citadel botnets were apparently spreading without control. More than 1,400 botnets related to Citadel made a negative impact over more than five million people worldwide. From the TechNet blog post:

According to our data, as of July 23, our coordinated action against the threat has disrupted roughly 88 percent of the Citadel botnets operating worldwide. In addition, our analysis shows that approximately 40 percent of the computers we believe to have been infected with Citadel and directly impacted by our operation have been cleaned since the time of our action in June, and we continue to work with others to help clean the remaining victims

Microsoft has performed operations like these in the past but this is the first time law enforcement comes into the picture. According to the data, most infected countries turned out to be Germany, Thailand, Italy, India, Australia and the US. Watch the video below with the commentary from Richard Domingues Boscovich, Assistant General Counsel at Microsoft’s Digital Crimes Unit.


via: TechNet

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).


Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading