With help from the FBI and other organizations, Microsoft has taken down the command-and-control servers for many Citadel botnets during the past week. These botnets were used with the Zeus banking Trojan to steal an estimated half a billion dollars.
InformationWeek's Matthew J. Schwartz reported, "Microsoft and FBI Wednesday announced that in a joint operation, they took down over 1,000 Citadel botnets that were being used to control millions of malware-infected PCs. Over the past 18 months, authorities believe the botnets stole over $500 million from consumer and business bank accounts, infecting more than 5 million PCs located in 90 countries, including the United States, Australia, Hong Kong, India and large parts of Western Europe."
PCMag's Chloe Albanesius explained, "Citadel installed key-logging software onto a computer, which tracked everything a person typed. That allowed the scammers to steal passwords and gain direct access to a PC user's bank account."
Jim Finkle with Reuters noted, "Microsoft has filed a civil lawsuit in the U.S. District Court in Charlotte, North Carolina against the unknown hackers and obtained a court order to shut down the botnets. The complaint, unsealed on Wednesday, identifies the ringleader as John Doe No. 1, who goes by the alias Aquabox and is accused of creating and maintaining the botnet. Boscovich said investigators are trying to determine Aquabox's identity and suspect he lives in eastern Europe and works with at least 81 'herders,' who run the bots from anywhere in the world."
CRN's Robert Westervelt observed, "In its preliminary injunction requesting the Citadel seizure warrant, Microsoft said the botnet operators are believed to be based in the Ukraine or Russia. The attackers controlled an estimated 3 million to 5 million PCs to spread malware, spam and steal usernames and passwords to access bank accounts. The attackers are running a 'particularly sophisticated and destructive botnet enterprise,' Microsoft said, significantly impacting account holders at Bank of America, Wells Fargo, Citibank and Chase. Security firms have noted an increasing number of Zeus infections."