This coordinated disruption resulted from an investigation that Microsoft and its financial services and technology industry partners began in early 2012. After looking into this threat, Microsoft and its partners discovered that once a computer was infected with Citadel malware, the malware began monitoring and recording the victim's keystrokes. This tactic, known as keylogging, gives cybercriminals the information they need to gain direct access to a victim's bank account or any other online account in order to withdraw money or steal personal identities. This means that when victims use their computers to access their bank or online accounts, cybercriminals can use the stolen credentials to pilfer those same accounts as well.
Microsoft also found that, in addition to being responsible for more than half a billion US dollars in losses among people and businesses worldwide, the Citadel malware has affected upwards of five million people, with some of the highest numbers of infections appearing in the US, Europe, Hong Kong, Singapore, India and Australia.
Microsoft has filed a civil suit against the cybercriminals operating the Citadel botnets, and received authorization from the US District Court for the Western District of North Carolina to simultaneously cut off communication between 1,462 Citadel botnets and the millions of infected computers under their control.
Microsoft has also provided information about the botnets' operations to international Computer Emergency Response Teams (CERTs), so that these partners could take action at their discretion against additional command-and-control infrastructure for the botnets located outside the US. The FBI has likewise provided information to foreign law enforcement counterparts so that they could take voluntary action against botnet infrastructure located outside the US. Domestically, the FBI has obtained and served court-authorized search warrants related to the botnets.
In addition to supporting Microsoft's lawsuit with a legal declaration, Agari, a partner of FS-ISAC, provided forensic data gathering based on the terabytes of email data that Agari collects from sources across the internet to protect against email threats such as phishing. Meanwhile, A10 Networks and Nominum provided Microsoft with technology to support the disruptive action.
Citadel is a global threat that is believed to have already infected victims in more than ninety countries worldwide since its inception. Botnets are networks of compromised computers, infected by malicious software so that they can be controlled by cybercriminals known as botherders.