06 Jun 2013
In a coordinated action, Microsoft and the FBI disrupted Citadel, a multi-million-dollar operation responsible for stealing approximately half a billion dollars from bank accounts worldwide. Police departments, technology firms and financial institutions in 80 countries coordinated efforts against this botnet.
The joint forces took down a network of approximately 5 million compromised machines on which scammers installed keyloggers to steal authentication data for banks and online payment accounts.
With these illegally obtained passwords and login data, cybercriminals stole money from online users of numerous banks and online payment services, including PayPal, American Express, Bank of America, HSBC, Royal Bank of America and Wells Fargo.
Microsoft also started legal action against a suspect known only by the nickname Aquabox, while the FBI is actively working with Europol to apprehend 81 other members of the group involved in Citadel operations.
In a blog post, Microsoft wrote that, apart from spam, scammers would also rig pirated versions of Windows with Citadel to cause more infections and reach more people around the world at the same time, in regions including North America, India, Australia, Hong Kong and Western Europe.
Citadel derives from the core code of Zeus, after Zeus's code was made public online. Of the approximately 1400 Citadel networks, some 1000 are believed to be currently down. The fight against botnets is always challenging because a network revives quickly when separate groups access the code and customize it into different cybercrime toolkits.