Rejoice! The Citadel botnet has fallen! The computers it once enslaved are free, and the world will be set right. Well, not quite, but Microsoft announced yesterday that it had partnered with the FBI and other organizations to take 1,462 known, independent Citadel botnets offline. The action, led by Microsoft, is being billed as a major success.

In an FBI release, the bureau wrote that it participated "in separate but coordinated operations" involving Microsoft and other companies. "The FBI provided information to foreign law enforcement counterparts so that they could also take voluntary action on botnet infrastructure located outside of the United States," wrote the bureau. "The FBI also obtained and served court-authorized search warrants domestically related to the botnets."

The Takedown

The first step in taking down the servers began in the U.S. District Court for the Western District of North Carolina, which authorized Microsoft to cut off communications between 1,462 Citadel botnets and the infected computers. "On June 5, Microsoft, escorted by the U.S. Marshals, seized data and evidence from the botnets," wrote the software company. This included servers from data hosting facilities in New Jersey and Pennsylvania.

What is Citadel

At the time of the NBC attack, Malwarebytes told PC Mag that Citadel is based on the Zeus banking Trojan. In yesterday's release about the takedown, Microsoft specifically called out Citadel's keylogging capabilities and how they were used to compromise victims' bank accounts. "Because the operators used the malware to steal victims' online banking credentials and make fraudulent transactions, financial services industry leaders including FS-ISAC, NACHA, ABA, and Agari supported Microsoft's civil lawsuit by serving as declarants in the case," wrote Microsoft. Citadel is remarkable for its diversity and ease of setup, and Symantec writes that it can be purchased for around $3,000.
The 1,462 active botnets mentioned by Microsoft are networks of infected computers independent from one another, but all running the same—or similar—software. Hopefully, this will send a message to other would-be botherders that Citadel may not be the tool of choice.

What's Next

While taking down the servers has certainly crippled the botnet, increasing the risk and cost for the organizations and individuals running Citadel botnets is probably more valuable. Most cybercrime is a numbers game, relying on lots of successes—sometimes small successes—to make money. When a method of attack becomes too difficult or too expensive, criminals are forced to innovate or give up.

The most important next step is removing the Citadel malware from infected computers so that Citadel botnets can't be resurrected later. "Immediately following the disruption, Microsoft will use the threat intelligence gathered during the seizure to work with Internet Service Providers and Computer Emergency Response Teams worldwide to quickly and efficiently notify people if their computer is infected," wrote Microsoft. If you already know you've been infected, malware removal tools like our Editors' Choice Malwarebytes Anti-Malware 1.70 would be a good first step for cleaning out your computer.

Even though Citadel isn't really dead, Microsoft, the FBI, and all the other players are quick to point out that just working together was a victory. Hopefully we'll have more good news stories about other super-groups working to take down the bad guys.

via Technology - Google News: http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNE26-PLXhgcFKHE_79lhPw3p0d5QA&url=http://securitywatch.pcmag.com/security/312318-microsoft-fbi-join-forces-cripple-half-billion-dollar-citadel-botnet
Thursday, 6 June 2013