In a joint operation, Microsoft and the U.S. FBI have disrupted the Citadel botnet, which specializes in the theft of personal information and bank details.
At the same time, Microsoft warned that the size and complexity of Citadel are such that the operation is unlikely to destroy it completely. The company also pointed out that some other botnets have been associated with Citadel and could also be affected by the joint operation.
Botnets are networks of computers infected with malicious software and controlled by cybercriminals. As a rule, they are used to send spam, spread viruses, attack other computers and servers, and carry out other types of illegal IT activity on behalf of the botnet operators.
As part of Operation b54, more than 1,400 Citadel command hosts were suspended, which together are responsible for the theft of data from more than 500 million end users and businesses around the world. Richard Boscovich, General Counsel, Microsoft Digital Crimes Unit, says that the main elements of Citadel are now out of service and the network's performance is significantly impaired.
According to him, the botnet alone comprised about 5 million computers, most of them in the United States, Europe, Hong Kong, Singapore, India and Australia. He also noted that the data collected on the network's operators was handed over to the U.S. Supreme Court in the state of North Carolina, and was also passed to the hosting providers on whose platforms the operators' 1,462 malicious servers ran.
The investigation into Citadel is known to have begun in 2012, when the company's anti-virus division recorded several spyware programs and keyloggers working for the Citadel operators. Even then it was clear that the owners of Citadel intended to steal banking credentials and transfer money out of bank accounts. Later the network's operators also began selling stolen user data on behalf of other criminals.
In a statement, Microsoft said that several organizations assisted in the operation: the American Bankers Association, the center for the exchange of financial data, and others. NACHA, which is responsible for managing the electronic movement of money in the ACH Network banking system, also took part in the operation.
Boscovich wrote that the attackers originally used software that attacked only the outdated Windows XP system, but over time they released versions for Windows 7 and even the new Windows 8.