In a coordinated takedown with the FBI and financial institutions, Microsoft on Wednesday dealt a powerful blow to an online fraud syndicate that siphoned more than $500 million out of bank accounts all over the world.

The takedown, dubbed Operation b54, disrupted more than 1,400 botnets based on Citadel, a powerful piece of banking malware available for sale in underground forums. Citadel has been in existence since 2011 and is based on leaked source code from the Zeus banking trojan. Citadel provides criminals with most of what they need to engage in widespread banking fraud, including exploits for infecting end users, keyloggers for stealing those end users' bank passwords, and back-end code for running the command and control servers that issue malware updates and receive login credentials from infected computers.

Microsoft used civil seizure orders issued by a federal judge in North Carolina to simultaneously cut off communications between 1,462 Citadel botnets and the infected computers that reported to them. The company also filed suit against a currently unknown operator under the name of Aquabox, who is suspected to be connected with one or more of the botnets.

According to Reuters, Microsoft sought the FBI's help almost two weeks ago and worked with law enforcement agencies in other countries, including Australia, Brazil, Ecuador, Germany, Holland, Hong Kong, Iceland, India, Indonesia, Spain, and the UK. About 455 of the botnets were hosted in the US across 40 data centers, while the rest were located in dozens of countries abroad. Microsoft technicians escorted by federal marshals visited two US data centers, one in Scranton, PA, and the other in Absecon, NJ, to collect forensic evidence. Officials from three financial services trade groups also pitched in.
"While these takedowns may not eliminate the threat of Citadel completely, they certainly disrupt current campaigns and send out a clear message to attackers that their actions are being monitored," Symantec employee Orla Cox wrote. "Symantec also welcomes the cooperation between the public and private sector in taking action against this threat."

Operation b54 is Microsoft's seventh botnet takedown. Since banking trojans almost exclusively target Microsoft's widely used Windows operating system, company officials have added such legal actions to their arsenal of weapons to combat criminals who target Windows users. The most recent operation marked the first time that law enforcement officials have worked with the private sector in this way to disrupt botnets, according to Richard Domingues Boscovich, assistant general counsel in the Microsoft Digital Crimes Unit. He provided more details about the takedown here.

via Technology - Google News http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNHnS4np1Wj-OEmaCTBcrTbdR-Tx2A&url=http://arstechnica.com/security/2013/06/microsoft-with-help-from-feds-delivers-body-blow-to-massive-fraud-ring/
Thursday, 6 June 2013