Microsoft and FBI Terminate $500 Million Citadel Malware Botnet

Posted Jun 6, 2013

Microsoft Corporation and the FBI worked together to kill 1,000 botnets that were used to steal the banking information and identities of 5 million people.  This botnet resulted in over $500 million in losses for people.  The malware is known as “Citadel.”

Most of the botnets were based throughout the U.S., Europe, Hong Kong, Singapore, India, and Australia.  It was spread across more than 90 countries.

“The harm done by Citadel shows the threat that botnets, malicious software, and piracy pose to individuals and businesses around the world,” stated Microsoft general counsel Brad Smith. “Today’s coordinated action between the private sector and law enforcement demonstrates the power of combined legal and technical expertise and we’re going to continue to work together to help put these cybercriminals out of business.”

“Today’s actions represent the future of addressing the significant risks posed to our citizens, businesses, and intellectual property by cyber threats and malicious software, which are often enabled by counterfeit and unlicensed software,” stated FBI executive assistant director Richard McFeely. “Creating successful public-private relationships, in which tools, knowledge, and intelligence are shared, is the ultimate key to success in addressing cyber threats and is among the highest priorities of the FBI. We must ensure that, as cyber policy is developed, the ability of the private sector to coordinate in real time with the FBI is encouraged so that a multi-prong attack on our cyber adversaries can be as effective as possible.”

Citadel placed key-logging software on computers and tracked everything that a user typed.  This way it could gain access to bank accounts, e-mails, and credit card information.  Microsoft and the FBI have been working together since early 2012 to kill off Citadel.  Last week, a lawsuit was filed against people who were operating the botnet.  The FBI and Microsoft received authorization from a North Carolina district court to have communication between 1,462 Citadel botnets terminated.  Microsoft took evidence, including servers, from data-hosting facilities throughout New Jersey and Pennsylvania.

Microsoft and the FBI are still working on completely killing off the Citadel botnets, but this move significantly disrupts their network.  Microsoft added that this was their seventh botnet takedown.