Microsoft and FBI disrupt more than 1,000 botnets

The Citadel malware was responsible for more than $500m in bank fraud.

New Statesman

Microsoft Corporation and the Federal Bureau of Investigation (FBI), together with other technology industry partners, have disrupted more than 1,000 botnets (networks of infected computers) running the Citadel malware.

However, details of who operates the botnets have not been revealed.

Cybercriminals, also called botherders, operate botnets to steal customers' online banking credentials and personal information.

The Citadel malware affected more than five million people in the US, Europe, Hong Kong, Singapore, India, and Australia, and was also responsible for more than $500m in bank fraud.

The coordinated investigation, which first began in 2012, found that computers infected with Citadel malware monitored and recorded victims' keystrokes, a tactic known as keylogging.

“The harm done by Citadel shows the threat that botnets, malicious software, and piracy pose to individuals and businesses around the world,” said Brad Smith, general counsel and executive vice president of legal and corporate affairs at Microsoft.

“Today’s actions represent the future of addressing the significant risks posed to our citizens, businesses, and intellectual property by cyber threats and malicious software, which are often enabled by counterfeit and unlicensed software,” said Richard McFeely, executive assistant director of the FBI.

During the operation, Microsoft found that the botherders were using illegally obtained product keys, created by key generators for the outdated Windows XP software, to build their malware.

A10 Networks, Nominum, the Financial Services – Information Sharing and Analysis Center (FS-ISAC), NACHA – The Electronic Payments Association, the American Bankers Association (ABA) and Agari were the other technology partners involved in the operation as part of an effort to fight cybercrime.

Microsoft, which filed a civil suit against the cybercriminals operating the Citadel botnets last week, also seized data and evidence from the botnets at two facilities in New Jersey and Pennsylvania.